XChat URL Handler bug affects v1.3.9 up

[zenith parsec <zenith_parsec () THE-ASTRONAUT COM>]

in my previous post i mentioned that all versions of XChat < 1.4.2 were 
potentially vulnerable to commands embedded in URLs by backticking.

after some more research and looking at stuff on the net, 
(http://www.xchat.org/changelog.txt)  
it seems that this bug will only affect XChat versions
1.3.9 and above, up to and including 1.4.2 (the devel
series may also be vulnerable, as there is no mention on the changelog page of this bug.) 
(release 1.3.9 was the first to have editable URL handlers, which seem to be the cause.)

(version 1.2.1 of xchat does not appear to be vulnerable.)

 ----+--
 | zen +###########
 + !  %|          #id -u
 -------          0



Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41