Version 2.7.1
By Sébastien Helleu on Thursday, February 20 2020, 21:23 - core - Permalink
Version 2.7.1 is available, it fixes three security vulnerabilities:
- WSA-2020-1: a malformed IRC message 324 (channel mode) can cause a buffer overflow and possibly a crash (CVE-2020-8955)
- WSA-2020-2: a malformed IRC message 352 (WHO) can cause a crash (CVE-2020-9759)
- WSA-2020-3: a new IRC message 005 received with longer nick prefixes can cause a buffer overflow and possibly a crash (CVE-2020-9760).
Upgrade is recommended for all users.