-- ChangeLog --
+ngIRCd 20.3 (2013-08-23)
+
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK
- commands that could be used by arbitrary users to to crash the daemon.
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
- WHO command: Use the currently "displayed hostname" (which can be cloaked!)
for hostname matching, not the real one. In other words: don't display all
the cloaked users on a specific real hostname!
-- NEWS --
+ngIRCd 20.3 (2013-08-23)
+
+ - This release is a bugfix release only, without new features.
+ - Security: Fix a denial of service bug (server crash) which could happen
+ when the configuration option "NoticeAuth" is enabled (which is NOT the
+ default) and ngIRCd failed to send the "notice auth" messages to new
+ clients connecting to the server (CVE-2013-5580).
+
ngIRCd 20.2 (2013-02-15)
- This release is a bugfix release only, without new features.
- Security: Fix a denial of service bug in the function handling KICK
- commands that could be used by arbitrary users to to crash the daemon.
+ commands that could be used by arbitrary users to to crash the daemon
+ (CVE-2013-1747).
ngIRCd 20.1 (2013-01-02)
+ngircd (20.3-0ab1) unstable; urgency=high
+
+ * New "upstream" release, fixing a security related bug: ngIRCd 20.3.
+
+ -- Alexander Barton <alex@barton.de> Fri, 23 Aug 2013 21:53:21 +0200
+
ngircd (20.2-0ab1) unstable; urgency=high
* New "upstream" release, fixing a security related bug: ngIRCd 20.2.
%define name ngircd
-%define version 20.2
+%define version 20.3
%define release 1
%define prefix %{_prefix}