X-Chat security update

66

Author: JT Smith

The version of X-Chat that was distributed with Debian GNU/Linux 2.2
has a vulnerability in the URL handling code: when a user clicks on
a URL X-Chat will start netscape to view its target. However it
did not check the URL for shell metacharacters, and this could be
abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you
upgrade your xchat package(s) immediately. The full advisory is at LWN.net. (This problem affects all X-Chat users, regardless of distribution.)

Category:

  • Linux