[SECURITY] [DLA ] xchat security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : xchat
Version : 2.8.8-7.1+deb7u1
CVE ID : CVE-2016-2087
Debian Bug : 852275
It was discovered that there was a directory traversal vulnerability in
the xchat IRC client which allowed remote IRC servers to read or modify
arbitrary files via a ".." in the server name.
For Debian 7 "Wheezy", this issue has been fixed in xchat version
2.8.8-7.1+deb7u1.
We recommend that you upgrade your xchat packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmMkNIACgkQHpU+J9Qx
HlhaWA/8D76DpUss2OIoXlzXeEgcVSuO98GNqWoMFX+hzSdKiOywtw8MfX6eqRsX
hegnRSbTPPobejthP4eqJ7mS8LVWAeVtntgGnx8oKseWT4uTx8YX1hjAkhSYQ8Bd
cTCPS5kSu10L61TH05gcpiAHJgadT6TzdayayWNEDhnI3Q2p4kmZM5Ns5nPTCMYa
jsYWpE8s73Tyoi7vbv93RAPJTITrOPTRI2g4ti7NLzSpzqVSByC6VDejJcqw7Fc9
jDLGIDS0l/EjfCmMcO4fIhOPOvGs55Fyt0h9U7H7txDOxIu5iaBKVfzj4iULW/JA
OuBwjOQC6jaFZtC9p4p8/hRFR6inq7yqr3aQKDqdqrzpRjsEZClG3+P0wkvFbVRn
o9B3aSVxcZuf2fRH2Bu5pe9NhdruAFCmARL9UHw6X8+Mb2FGk7IrZnPR5IP3qExg
3s/9K2DwfGMEhfS8NnsRVIJG8O77KBFDnQoSiKU9AvEVcLJTCe220UaqjHRY3P2h
NQT/PuXOb57HZHzwMz1TA7OUyIlVYqlVFcSYqb8eKPYWS/z+xKNAcoWPCOKDvdkk
L5TC3bCMgCcCL2JKvcum324eDAcojjhUuRGz6eDTV/u35jQXzjPcHPw2Wa6dqjz1
NiGVx9x8ydGqEeVLJH8ch35bEbPVXq9ilvIcj6XmH9yZPjG85PA=
=HcNJ
-----END PGP SIGNATURE-----
Reply to: