The patch applied to the gentoo eggdrop package in 1.6.18-r3 (only) by Nico Golde fixing bug 179354 called "80_all_CVE-2007-2807_servmsg.patch" in the patchset archive introduces a new vulnerability which exposes every eggdrop connected to an irc server (which is the main purpose of eggdrop) to be remotely crashable (by someone being on the same irc network).
(I'm not sure about the severity.. it makes the eggdrop packages unusable)
Steps to Reproduce:
Send an empty CTCP via IRC to the eggdrop bot, for example:
PRIVMSG eggdrop :\1\1
It segfaults and crashes
A new release of eggdrop was made because of this bug: http://www.eggheads.org/news/2009/05/14/35
patch to fix ctcp issue is also given at ftp://ftp.eggheads.org/pub/eggdrop/patches/official/1.6/eggdrop1.6.19+ctcpfix.patch.gz
*** Bug 271804 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
Target keywords : "alpha amd64 ia64 ppc sparc x86"
GLSA voting: NO
NO, too. Closing.