[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA ] xchat security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : xchat
Version        : 2.8.8-7.1+deb7u1
CVE ID         : CVE-2016-2087
Debian Bug     : 852275

It was discovered that there was a directory traversal vulnerability in
the xchat IRC client which allowed remote IRC servers to read or modify
arbitrary files via a ".." in the server name.

For Debian 7 "Wheezy", this issue has been fixed in xchat version
2.8.8-7.1+deb7u1.

We recommend that you upgrade your xchat packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmMkNIACgkQHpU+J9Qx
HlhaWA/8D76DpUss2OIoXlzXeEgcVSuO98GNqWoMFX+hzSdKiOywtw8MfX6eqRsX
hegnRSbTPPobejthP4eqJ7mS8LVWAeVtntgGnx8oKseWT4uTx8YX1hjAkhSYQ8Bd
cTCPS5kSu10L61TH05gcpiAHJgadT6TzdayayWNEDhnI3Q2p4kmZM5Ns5nPTCMYa
jsYWpE8s73Tyoi7vbv93RAPJTITrOPTRI2g4ti7NLzSpzqVSByC6VDejJcqw7Fc9
jDLGIDS0l/EjfCmMcO4fIhOPOvGs55Fyt0h9U7H7txDOxIu5iaBKVfzj4iULW/JA
OuBwjOQC6jaFZtC9p4p8/hRFR6inq7yqr3aQKDqdqrzpRjsEZClG3+P0wkvFbVRn
o9B3aSVxcZuf2fRH2Bu5pe9NhdruAFCmARL9UHw6X8+Mb2FGk7IrZnPR5IP3qExg
3s/9K2DwfGMEhfS8NnsRVIJG8O77KBFDnQoSiKU9AvEVcLJTCe220UaqjHRY3P2h
NQT/PuXOb57HZHzwMz1TA7OUyIlVYqlVFcSYqb8eKPYWS/z+xKNAcoWPCOKDvdkk
L5TC3bCMgCcCL2JKvcum324eDAcojjhUuRGz6eDTV/u35jQXzjPcHPw2Wa6dqjz1
NiGVx9x8ydGqEeVLJH8ch35bEbPVXq9ilvIcj6XmH9yZPjG85PA=
=HcNJ
-----END PGP SIGNATURE-----


Reply to: