Hi Mattia,

On Sat, Jun 03, 2017 at 10:56:30PM +0200, Moritz Muehlenhoff wrote:
> On Mon, Jan 23, 2017 at 06:31:18AM +0100, Salvatore Bonaccorso wrote:
> > Source: hexchat
> > Version: 2.10.1-1
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > the following vulnerability was published for hexchat. Opening a bug
> > to have a BTS reference.
> >
> > CVE-2016-2087[0]:
> > | Directory traversal vulnerability in the client in HexChat 2.11.0
> > | allows remote IRC servers to read or modify arbitrary files via a ..
> > | (dot dot) in the server name.
> >
> > As noted by Mattia Rizzolo already, the fixing commit is reverted in
> > the Debian packaging due to regression for some usecases, and waiting
> > for a better fix.
>
> What's the status? Is there now a proper fix?

Do you have news on the above query from Moritz?

Regards,
Salvatore