Erosion writes "Version 2.8.7 released the 20th of last month has been superseded with 2.8.7a Zed announced on the XChat homepage.

This new version is mainly a bugfix release, as the changelog shows.

The XChat Windows release is shareware. Freeware versions are still being released from the otherwise still available opensource code. One such release is from Silverex but is an older release, 2.8.4."

Read more...

A new version of DMDirc has been released to address a security issue found in the previous release as well as nightly builds. The announcement from the DMDirc homepage urges all users to upgrade as promptly as possible as this issue effects all minor to current versions.

The announcment itself reads like this:

A security vulnerability has been discovered in DMDirc. The implementation of URL handlers allow specially crafted URLs to execute arbitrary programs on the host system. Only custom URL handlers (those listed as "custom commands" in the 'URL Handlers' section of the preferences panel) are vulnerable, and the user has to click on a malicious URL in order for the vulnerability to be exploited. The DMDirc developers have only been successful in using the vulnerability to launch argument-less programs on Linux, but we cannot guarantee that other platforms are not affected.

We have backported the fix for the exploit to the DMDirc 0.5 tree, and DMDirc 0.5.6 has now been released. We highly recommend that anyone using DMDirc 0.5.5 upgrade to DMDirc 0.5.6. Nightly builds of DMDirc up to and including the build released on the 22nd of May (designated revision 4055) are also vulnerable. A nightly build containing the vulnerability fix will be available for download tonight, and we highly recommend that anyone using DMDirc nightly builds upgrade as soon as it is available.

Read more...