Hi, I've created a patch that fixes this [1] vulnerability, submitted to Debian. Summary: licq doesn't properly filter path info from filenames on incoming filetransfers. I suggest committing it to CVS as soon as possible.
In the mean time, people should only accept files from trusted parties. The patch is available from my website at [2]. (Note that the url has changed slightly.) Enjoy, Tim 1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=155831&repeatmerged=yes 2. http://gene.wins.uva.nl/~talerven/licq/ -- Tim van Erven <[EMAIL PROTECTED]> OpenPGP Key ID: 712CB811 Fingerprint: F6C9 61EE 242C C012 36D5 BBF8 6310 D557 712C B811 ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Licq-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/licq-devel
