August 30, 2000

X-Chat security update

Author: JT Smith

The version of X-Chat that was distributed with Debian GNU/Linux 2.2
has a vulnerability in the URL handling code: when a user clicks on
a URL X-Chat will start netscape to view its target. However it
did not check the URL for shell metacharacters, and this could be
abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you
upgrade your xchat package(s) immediately. The full advisory is at (This problem affects all X-Chat users, regardless of distribution.)


  • Linux
Click Here!