News archives

2007-06-29: Security bug fixed

Developers have patched a security bug involving the irc:// protocol allowing
a malicious user to run arbitrary KVS code (including "run") with a special crafted
irc:// url.

You can find the advisory at the following urls:
http://secunia.com/secunia_research/2007-56/advisory/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951