Alexander Barton : ngIRCd Release 20.3 - ngIRCd GIT Updates

23 Aug 2013

Module: ngircd.git
Branch: branch-20.x
Commit: bb6e2779636aa6d74bbff474880829f0183a3c94
URL:    http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=bb6e2...
Author: Alexander Barton alex@barton.de
Date:   Fri Aug 23 21:54:40 2013 +0200
ngIRCd Release 20.3
---
ChangeLog                |   10 +++++++++-
 NEWS                     |   11 ++++++++++-
 contrib/Debian/changelog |    6 ++++++
 contrib/ngircd.spec      |    2 +-
 4 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 08d337f..5920316 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,10 +9,18 @@
                                -- ChangeLog --
+ngIRCd 20.3 (2013-08-23)
+
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
   - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
     for hostname matching, not the real one. In other words: don't display all
     the cloaked users on a specific real hostname!
diff --git a/NEWS b/NEWS
index 38f6029..d092510 100644
--- a/NEWS
+++ b/NEWS
@@ -9,11 +9,20 @@
                                   -- NEWS --
+ngIRCd 20.3 (2013-08-23)
+
+  - This release is a bugfix release only, without new features.
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
- This release is a bugfix release only, without new features.
   - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
ngIRCd 20.1 (2013-01-02)
diff --git a/contrib/Debian/changelog b/contrib/Debian/changelog
index 2e39af0..396d1d0 100644
--- a/contrib/Debian/changelog
+++ b/contrib/Debian/changelog
@@ -1,3 +1,9 @@
+ngircd (20.3-0ab1) unstable; urgency=high
+
+  * New "upstream" release, fixing a security related bug: ngIRCd 20.3.
+
+ -- Alexander Barton alex@barton.de  Fri, 23 Aug 2013 21:53:21 +0200
+
 ngircd (20.2-0ab1) unstable; urgency=high
* New "upstream" release, fixing a security related bug: ngIRCd 20.2.
diff --git a/contrib/ngircd.spec b/contrib/ngircd.spec
index e2448a4..0469313 100644
--- a/contrib/ngircd.spec
+++ b/contrib/ngircd.spec
@@ -1,5 +1,5 @@
 %define name    ngircd
-%define version 20.2
+%define version 20.3
 %define release 1
 %define prefix  %{_prefix}

    