From $URL :
A vulnerability has been reported in ShadowIRCd, which can be exploited by malicious people to
cause a DoS (Denial of Service).
For more information:
The vulnerability is reported in versions prior to 6.3.3.
Update to version 6.3.3.
@JD can we stabilize?
(In reply to comment #0)
> @JD can we stabilize?
Go for it. Arches added.
Arches, please test and mark stable:
Target keywords : "amd64 x86"
modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before
3.4.2 does not properly support capability negotiation during server
handshakes, which allows remote attackers to cause a denial of service (NULL
pointer dereference and daemon crash) via a malformed request.
GLSA vote: yes
GLSA Vote: yes, too. GLSA request filed.
This issue was resolved and addressed in
GLSA 201405-21 at http://security.gentoo.org/glsa/glsa-201405-21.xml
by GLSA coordinator Sean Amoss (ackle).