Summary
Two security issues have been discovered in WeeChat, a fast, light and extensible chat client:
CVE-2011-1428
X.509 certificates were incorrectly validated.
CVE-2012-5534
The hook_process function in the plugin API allowed the execution of arbitrary shell commands.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 0.3.2-1+squeeze1.
For the testing distribution (wheezy), these problems have been fixed in version 0.3.8-1+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 0.3.9.2-1.
We recommend that you upgrade your weechat packages.
Insight
WeeChat (Wee Enhanced Environment for Chat) is a fast and light chat client for many operating systems. Everything can be done with a keyboard.
It is customizable and extensible with plugins/scripts, and includes:
- nicklist
- smart hotlist
- infobar with highlight notification
- horizontal and vertical split
- double charset support (decode/encode)
- FIFO pipe for remote control
- and much more!
Affected
weechat on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
Updated on 2015-03-25
Classification
CVE: CVE-2011-1428, CVE-2012-5534
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P