-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : xchat Version : 2.8.8-7.1+deb7u1 CVE ID : CVE-2016-2087 Debian Bug : 852275
It was discovered that there was a directory traversal vulnerability in the xchat IRC client which allowed remote IRC servers to read or modify arbitrary files via a ".." in the server name. For Debian 7 "Wheezy", this issue has been fixed in xchat version 2.8.8-7.1+deb7u1. We recommend that you upgrade your xchat packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmMkNIACgkQHpU+J9Qx HlhaWA/8D76DpUss2OIoXlzXeEgcVSuO98GNqWoMFX+hzSdKiOywtw8MfX6eqRsX hegnRSbTPPobejthP4eqJ7mS8LVWAeVtntgGnx8oKseWT4uTx8YX1hjAkhSYQ8Bd cTCPS5kSu10L61TH05gcpiAHJgadT6TzdayayWNEDhnI3Q2p4kmZM5Ns5nPTCMYa jsYWpE8s73Tyoi7vbv93RAPJTITrOPTRI2g4ti7NLzSpzqVSByC6VDejJcqw7Fc9 jDLGIDS0l/EjfCmMcO4fIhOPOvGs55Fyt0h9U7H7txDOxIu5iaBKVfzj4iULW/JA OuBwjOQC6jaFZtC9p4p8/hRFR6inq7yqr3aQKDqdqrzpRjsEZClG3+P0wkvFbVRn o9B3aSVxcZuf2fRH2Bu5pe9NhdruAFCmARL9UHw6X8+Mb2FGk7IrZnPR5IP3qExg 3s/9K2DwfGMEhfS8NnsRVIJG8O77KBFDnQoSiKU9AvEVcLJTCe220UaqjHRY3P2h NQT/PuXOb57HZHzwMz1TA7OUyIlVYqlVFcSYqb8eKPYWS/z+xKNAcoWPCOKDvdkk L5TC3bCMgCcCL2JKvcum324eDAcojjhUuRGz6eDTV/u35jQXzjPcHPw2Wa6dqjz1 NiGVx9x8ydGqEeVLJH8ch35bEbPVXq9ilvIcj6XmH9yZPjG85PA= =HcNJ -----END PGP SIGNATURE-----