Debian Linux Security Advisories - The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you upgrade your xchat package(s) immediately.
92ea17ad4b9f5d402e151a4484533f7e07caad18dba33aa33f837e36d1ba8144