In Win32/64 binary releases of XTelnet sub-project there are vulnerable GnuTLS DLL files. All users ar encouraged to upgrade to the latest version.
All versions of XTelnet sub-project prior to 0.4.4 are affected by these security vulnerabilities. XTelnet 0.4.4 binary relase for Win32 is not affected by known security vulnerabilities. Versions using older GnuTLS library, though on any platform, or custom builds, are vulnerable, that is, both all binary-distributed versions of XTelnet prior to 0.4.4, and those linked against vulnerable GnuTLS library are affected by these vulnerabilities.
There is no known workaround at this time.
Update to the latest version, XTelnet 0.4.4, which is not vulnerable.
All Windows users using binary build are strongly encouraged to download the latest version of XTelnet sub-project.
2009-10-12 - Release of XTelnet 0.4.4, public disclosure - this advisory.
2009-10-12 - Initial revision
Some names used in this document may be registered trademarks of their respective owners.