Hello!
A severe bug in ngIRCd 18 up to and including 20.2 has been discovered which will crash the daemon (denial of service) and can happen when the daemon fails to send the optional "notice auth" message to new clients connecting to the server (CVE-2013-5580).
So here it is, our next release: ngIRCd 20.3.
Please note that only setups having the configuration option "NoticeAuth" enabled are affected, which is not the default.
The only change in ngIRCd 20.3 is the fix for the above bug, all installations should upgrade.
But please stay tuned, ngIRCd 21 including new features like SSL fingerprints, and include directory for configuration files, better systemd(8) support etc. is the the works, too, and I hope that we can soon release a beta version for testing. I'll keep you informed!
Changes in ngIRCd 20.3:
• Security: Fix a denial of service bug (server crash) which could happen when the configuration option "NoticeAuth" is enabled (which is NOT the default) and ngIRCd failed to send the "notice auth" messages to new clients connecting to the server (CVE-2013-5580).
More information can be found on the homepage http://ngircd.barton.de/ and its mirror http://ngircd.berlios.de/.
The primary download locations are:
• ftp://ftp.berlios.de/pub/ngircd/ • http://ngircd.barton.de/pub/ngircd/
Regards Alex