commit bb6e2779636aa6d74bbff474880829f0183a3c94
from: Alexander Barton <alex@barton.de>
date: Fri Aug 23 19:54:40 2013 UTC

ngIRCd Release 20.3

commit - d24df64397015732bc6cc1c36a4710fc4db271f1
commit + bb6e2779636aa6d74bbff474880829f0183a3c94
blob - 08d337fa72e47940a87f34f74ded362ece29f23e
blob + 5920316d9eb5fe2c08b633c914b2ebd767b64c54
--- ChangeLog
+++ ChangeLog
@@ -8,11 +8,19 @@
 
                                -- ChangeLog --
 
+
+ngIRCd 20.3 (2013-08-23)
+
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
 
 ngIRCd 20.2 (2013-02-15)
 
   - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
   - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
     for hostname matching, not the real one. In other words: don't display all
     the cloaked users on a specific real hostname!
blob - 38f6029c5b32b397d3522d258da919f74aa109df
blob + d092510bcffccc7bca357525d226589e968a7c6e
--- NEWS
+++ NEWS
@@ -9,11 +9,20 @@
                                   -- NEWS --
 
 
+ngIRCd 20.3 (2013-08-23)
+
+  - This release is a bugfix release only, without new features.
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)
 
   - This release is a bugfix release only, without new features.
   - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
 
 ngIRCd 20.1 (2013-01-02)
 
blob - 2e39af03bb82030ea810427f700f846e0e851f83
blob + 396d1d0c8e97704ddfd63630c57d7900d0950d21
--- contrib/Debian/changelog
+++ contrib/Debian/changelog
@@ -1,3 +1,9 @@
+ngircd (20.3-0ab1) unstable; urgency=high
+
+  * New "upstream" release, fixing a security related bug: ngIRCd 20.3.
+
+ -- Alexander Barton <alex@barton.de>  Fri, 23 Aug 2013 21:53:21 +0200
+
 ngircd (20.2-0ab1) unstable; urgency=high
 
   * New "upstream" release, fixing a security related bug: ngIRCd 20.2.
blob - e2448a42c9108d05751665d95f4cbe3450e63b9d
blob + 0469313ac175f6aa1e44db5693542264616f2c79
--- contrib/ngircd.spec
+++ contrib/ngircd.spec
@@ -1,5 +1,5 @@
 %define name    ngircd
-%define version 20.2
+%define version 20.3
 %define release 1
 %define prefix  %{_prefix}