Re: XChat URL Handler bug affects v1.3.9 up

[chrome <chrome () ELLTEL NET>]

Verfified bug exists on [x]chat 1.5.5.

Later,
c.t.
| chromium tensility ; chrome () elltel net ; another linux guru in training |
| kthulhu & co. went to yuggoth, and all i got was this lousy sig ; fn0rd |

On Fri, 18 Aug 2000, zenith parsec wrote:

> in my previous post i mentioned that all versions of XChat < 1.4.2 were
> potentially vulnerable to commands embedded in URLs by backticking.
> after some more research and looking at stuff on the net,
> (http://www.xchat.org/changelog.txt)
> it seems that this bug will only affect XChat versions
> 1.3.9 and above, up to and including 1.4.2 (the devel
> series may also be vulnerable, as there is no mention on the changelog page
> of this bug.) (release 1.3.9 was the first to have editable URL handlers,
> which seem to be the cause.)
>
> (version 1.2.1 of xchat does not appear to be vulnerable.)