[IRCServices] Services 5.0.60 released

Andrew Church achurch at achurch.org
Sat Mar 24 03:22:11 PDT 2007


     Services 5.0.60 has been released, and can be downloaded from:

http://www.ircservices.za.net/download/   (Japan)
ftp://ftp.esper.net/ircservices/          (Western USA)

c00180091fce3277121d897e0f6f2529  ircservices-5.0.60.tar.gz
3a89cc811aa26bcb7f922388236253a5  ircservices-5.0.60.diff.gz
34f34c690facf1bab88c60c189e2f284  ircservices-5.0.60-1.i386.rpm
715c70cfbf2b1f391606c56f2228a4de  ircservices_5.0.60-1_i386.deb

The mirrors should have it shortly.

     This release changes the semantics of the ChanServ SET PASSWORD
command to remove founder privileges from all users who had previously
identified for the channel, to prevent users who do not know the new
password from performing founder-level operations.  While only a concern
in limited circumstances, this problem can (for example) allow a malicious
user who has stolen a channel password to use the SENDPASS command to
learn the new channel password without having to identify again.  Networks
for which this is a concern should upgrade as soon as possible.

Changes in version 5.0.60
-------------------------
2007/03/24	Changed ChanServ SET PASSWORD to remove founder privileges
		    from any users who had previously identified for the
		    channel (backported from 5.1a13).  Reported by
		    ongeboren <xxx.coder at gmail.com>

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/