Package : xchat
Problem type : remote exploit
The version of X-Chat that was distributed with Debian GNU/Linux
2.2 has a vulnerability in the URL handling code: when a user
clicks on a URL, X-Chat starts netscape to view its target.
However, it did not check the URL for shell metacharacters, and this
could be abused to trick xchat into executing arbitrary commands.
This has been fixed in version 1.4.3-0.1, and we recommend you
upgrade your xchat package(s) immediately.
Update: the powerpc packages mentioned in the first release of
this advisory were linked with a version of libgtk that is not
available in Debian GNU/Linux 2.2. They have been recompiled with
the correct version and reuploaded.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for the alpha, arm, i386, m68k, powerpc and