Use after free in nNetObject::ClearKnows
nNetObject::TakeOwnership() does not properly what it claims, it forgets to set the owner.
Therefore, if the previously owning client quits while an object where
TakeOwnership() has been called on and there is no other reference to that object,
ClearKnows() executes an additional cleanup path (guarded by an owner check). In that path, a bounce smart pointer may destroy the object, but
ClearKnows() still uses it afterwards.
Originally reported on Launchpad.
The 0.2.8.3 branch was affected still, the issue had been long fixed for 0.2.9.