In Win32/64 binary releases of XTelnet sub-project there are vulnerable GnuTLS DLL files. All users ar encouraged to upgrade to the latest version.
In-depth
All versions of XTelnet sub-project prior to 0.4.4 are affected by these security vulnerabilities. XTelnet 0.4.4 binary relase for Win32 is not affected by known security vulnerabilities. Versions using older GnuTLS library, though on any platform, or custom builds, are vulnerable, that is, both all binary-distributed versions of XTelnet prior to 0.4.4, and those linked against vulnerable GnuTLS library are affected by these vulnerabilities.
Workaround
There is no known workaround at this time.
Solution
Update to the latest version, XTelnet 0.4.4, which is not vulnerable.
All Windows users using binary build are strongly encouraged to download the latest version of XTelnet sub-project.
Time line
2009-10-12 - Release of XTelnet 0.4.4, public disclosure - this advisory.
Cahngelog
2009-10-12 - Initial revision
Legal notice
Some names used in this document may be registered trademarks of their respective owners.