Debian-LTS has issued an advisory on June 21:
The issue is fixed upstream in 26rc2.
Mageia 7 is also affected.
The updated package fixes a security vulnerability:
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. (CVE-2020-14148)
Updated package in core/updates_testing:
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 11082 for test, but info there is quite sparse.
Attaching the files I edited.
# systemctl start ngircd
[root@mach5 ~]# systemctl -l status ngircd
● ngircd.service - Next Generation IRC Daemon
Loaded: loaded (/usr/lib/systemd/system/ngircd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2020-07-03 14:19:00 CEST; 3s ago
Main PID: 7703 (ngircd)
Tasks: 1 (limit: 4915)
└─7703 /usr/sbin/ngircd -n
Jul 03 14:19:00 mach5.hviaene.thuis systemd: Started Next Generation IRC Daemon.
Jul 03 14:19:00 mach5.hviaene.thuis ngircd: [7703:3 0] Can't read MOTD file "/etc/ngircd.motd": No such file or dire>
Jul 03 14:19:00 mach5.hviaene.thuis ngircd: [7703:4 0] No administrative information configured but required by RFC!
Jul 03 14:19:00 mach5.hviaene.thuis ngircd: [7703:5 0] ngIRCd 25-IPv6+IRCPLUS+PAM+SSL+SYSLOG+TCPWRAP+ZLIB-x86_64/mag>
Jul 03 14:19:00 mach5.hviaene.thuis ngircd: [7703:6 0] Using configuration file "/etc/ngircd.conf" ...
Jul 03 14:19:00 mach5.hviaene.thuis ngircd: [7703:6 0] Running as user ngircd(976), group ngircd(968), with PID 7703.
Jul 03 14:19:00 mach5.hviaene.thuis ngircd: [7703:6 0] Not running with changed root directory.
provided a ngircd.motd file, that got rid of this message.
Tried to connect with Hexchat, but got no further than "Access denied: bad password?"
Not sure whether the channel key file has to be just the <channelname>.key (as attached, or #<channelname>.key. Provided both (just copy and rename the file), but to no avail.
When I try to attach the conf file (15kb) I get: Software error:
Malformed multipart POST: data truncated