diff -u dircproxy-1.0.5/src/irc_server.c dircproxy-1.0.5/src/irc_server.c
--- dircproxy-1.0.5/src/irc_server.c
+++ dircproxy-1.0.5/src/irc_server.c
@@ -1078,7 +1078,7 @@
       
         if (!strcmp(cmsg.cmd, "ACTION")) {
           if (p->conn_class->log_events & IRC_LOG_ACTION)
-            irclog_ctcp(p, msg.params[0], msg.src.orig, "%s", cmsg.orig);
+            irclog_ctcp(p, (msg.params != NULL ) ? msg.params[0]: "none", msg.src.orig, "%s", cmsg.orig);
 
         } else if (!strcmp(cmsg.cmd, "DCC")
                    && p->conn_class->dcc_proxy_incoming) {
diff -u dircproxy-1.0.5/debian/changelog dircproxy-1.0.5/debian/changelog
--- dircproxy-1.0.5/debian/changelog
+++ dircproxy-1.0.5/debian/changelog
@@ -1,3 +1,17 @@
+dircproxy (1.0.5-5ubuntu0.1) feisty-security; urgency=low
+
+  * SECURITY UPDATE: irc_server.c in dircproxy 1.2.0 and earlier allows remote
+    attackers to cause a denial of service (segmentation fault) via an ACTION
+    command without a parameter, which triggers a NULL pointer dereference, as
+    demonstrated using a blank /me message from irssi.
+  * src/irc_server.c:  Added fix by Steffen Joeris <white@debian.org>
+    to fix CVE-2007-5226 (LP: #150848)
+  * References:
+    CVE-2007-5226
+    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445883
+
+ -- Stephan Hermann <sh@sourcecode.de>  Tue, 09 Oct 2007 10:09:15 +0200
+
 dircproxy (1.0.5-5) unstable; urgency=low
 
   * Dropped stale dircproxy.net references from README. Thanks, Steen