From $URL :
Saw this report about Charybdis and ircd-ratbox remote crash flaw at:
Researcher advisory suggests both the products are affected.
Sadly I could not get the contact details of either of the products
to copy on this email.
Should we be assigning CVEs to these issues?
A CVE has been filed: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6084
This issue also affects =net-irc/shadowircd-126.96.36.199; a fixed shadowircd is in the tree (6.3.3).
modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before
3.4.2 does not properly support capability negotiation during server
handshakes, which allows remote attackers to cause a denial of service (NULL
pointer dereference and daemon crash) via a malformed request.
Arches can go ahead and stabilise charybdis-3.4.2 ...I was going to file a STABLEREQ for 3.4.1 soon anyway.
GLSA vote: yes.
I also vote that we combine this in the same GLSA as ShadowIRCd.
GLSA Vote: yes, and agreed. Added to request for 449790.
This issue was resolved and addressed in
GLSA 201405-21 at http://security.gentoo.org/glsa/glsa-201405-21.xml
by GLSA coordinator Sean Amoss (ackle).