Debian Linux Security Advisory 5725-1 - Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, a IRC bouncer, which could result in remote code execution via specially crafted messages.
368570aecf0054c3f66d17ebf21f445fdadd3ce2525c2403e800b2ff0ae2cba7