Date: Fri, 25 Aug 2000 11:24:57 -0300 To: lwn@lwn.net, bugtraq@securityfocus.com, security-alert@linuxsecurity.com Subject: Conectiva Linux Security Announcement - xchat From: secure@conectiva.com.br ----------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ----------------------------------------------------------------------- PACKAGE : xchat SUMMARY : Commands inside URLs can be executed by xchat DATE : 2000-08-25 11:24:00 RELEVANT RELEASES : 4.2, 5.0, prg gráficos, ecommerce, 5.1 ---------------------------------------------------------------------- DESCRIPTION The IRC client Xchat allows one to right-click an URL and open many different browsers with it. This is done by opening the broswer via the shell, and commands inside the URL could be expanded by the shell and executed. SOLUTION All Xchat users should upgrade. DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/xchat-1.4.2-4cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/xchat-1.4.2-4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/xchat-1.4.2-4cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/xchat-1.4.2-4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/xchat-1.4.2-4cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/xchat-1.4.2-4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/xchat-1.4.2-4cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/xchat-1.4.2-4cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/xchat-1.4.2-4cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/xchat-1.4.2-4cl.i386.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br