From CVE request at $URL: please assign a CVE ID to a DoS issue in the ZNC IRC bouncer. I don't have a upstream reference, but the upstream patch applied by the Debian maintainer can be found here: http://patch-tracker.debian.org/patch/series/view/znc/0.202-2/01-fix-bouncedcc-dos.diff http://packages.qa.debian.org/z/znc/news/20120107T145601Z.html
from commit: Affected ZNC versions: 0.200, 0.202. probably here it should be ~3 ?
Indeed, 0.9.4 does not include bouncedcc module.
patch applied in znc-0.202-r1 old ebuild removed. upstream reference: http://sprunge.us/TAGd thanks :)
real upstream reference: https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9
Thanks, everyone. Closing noglsa since stable packages were not affected.