licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections. Reproducible: Always
*** This bug has been marked as a duplicate of bug 219708 ***
jcm, thanks for the bug report. To clear things up: We have backported the patch to 1.3.5, and applied it in 1.3.5-r1, which is stable on all relevant architectures.