If we receive multiple CTCP requests in one PRIVMSG we now answer with
one packed NOTICE containing all CTCP replies. This fixes a possible
DoS Attack rendering Quassels IRC connection useless. Upgrading is
strongly recommended. Thanks to Jima for reporting and supporting.
Fixed software is already in the tree, and vulnerable code has already been removed. This bug is for GLSA tracking only.
GLSA Vote: Yes, unassisted remote DoS.
YES too, request filed.
This issue was resolved and addressed in
GLSA 201311-03 at http://security.gentoo.org/glsa/glsa-201311-03.xml
by GLSA coordinator Sean Amoss (ackle).