The version of X-Chat that was distributed with Debian GNU/Linux 2.2
has a vulnerability in the URL handling code: when a user clicks on
a URL X-Chat will start netscape to view its target. However it
did not check the URL for shell metacharacters, and this could be
abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you
upgrade your xchat package(s) immediately. The full advisory is at LWN.net. (This problem affects all X-Chat users, regardless of distribution.)

From a review at securityportal: “I wanted to write a really positive article about Debian 2.2, which was just released a few weeks ago. Unfortunately, I can’t. While Debian itself is a reasonably well-done Linux distribution, it has some major security issues.”

LWN.net interviews Guy “Bud” Tribble, vice president of engineering for Eazel.

Upside.com has a story about Linux Capital Group Inc., a startup dedicated to getting other startups to market. “At first, the timing seemed too good to be true. With the sky-high December valuations on dotcom incubator companies such as CMGI (CMGI) and Internet Capital Group (ICGE), and suddenly Linux Capital Group looked like a can’t-miss prospect.”

VA Linux rolled out a four-way 700MHz Pentium III-based system that company officials promised will be targeted at users looking to speed e-commerce or Web serving applications, reports Infoworld.com. The new model 4450, which can be rack-mounted in a 4-unit, or 7-inches-high form factor, features three independent PCI buses, 64-bit PCI card slots, and a 66MHz PCI bus, which helps quicken RAID and Gigabit Ethernet performance. The system can be set up to hold five 36-gigabyte hard drives. (Full disclosure: VA Linux owns NewsForge.)

The Palm virus threat was short-lived and few users were affected by the destructive software, which unlike a computer virus does not reproduce, reports LATimes.com. But the minimal impact of the Trojan horse masks future danger, ZDNet UK says.

IBM, Hewlett Packard, and Intel have teamed up to form an independent lab for Linux developers to expand the alternative operating system for heavy business tasks, says Interactive Week. The press release is at LinuxPR. More from The Associated Press, and even more from CNet.

From an Inter@active Week column: “Regulations designed to protect my ‘privacy’ or my rights as a ‘consumer’ are not the same as enforcing my rights against fraud or damage.”

From IDG.net: Thirty-four percent of U.S. colleges and universities have banned the music file trading program Napster for Internet users surfing over campus servers, according to a report from technology market research company Gartner Group. As students return to campus from summer vacation, college administrators wrestle with the legal and ethical questions surrounding the controversial program from Napster Inc.

File swapping is back on college campuses — offered by some of the very same colleges that have banned Napster. A group of 40 universities, including Stanford University, will offer students a Web-based memory storage system from I-drive.com that has, as one of its functions, file swapping, according to a story at ZDNet.