It took almost 2 years for a new release, and even then it consists mostly of bugfixes, one of which fixes a serious issue.
Version 1.6.19 of the popular IRC bot Eggdrop fixes a buffer overflow issue in the server module. The issue is exploitable by a malicious server, so as long as the bot connects to a reputable server it should be OK.
IRC-Junkie tried to contact Guppy with a few questions but has received no reply so far, which partly explains the delay in reporting this new release.
A list of all updates according to the updates.txt file:
- Update the recommended TCL version to 8.5
- Updated Copyright dates
- added [sL] and thommey to the AUTHORS file
- load blowfish by default
- added a TCL to handle the PONG :<cookie> junk on some EFnet servers
- add a simple TCL to handle the PASS <numbers> junk on some Undernet servers
- add support for chanmode +T
- CTCP parsing was broken by the servmsg.c buffer overflow patch
- Fixed a couple of typos in the FEATURES file.
- Fixed two buffer overflows in servmsg.c (CVE-2007-2807).
- Fixed compatibility problems with certain time_t implementations.
- Complete raw traffic wasn’t getting logged in some cases; only the raw command itself was. Fixed.