It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its "CC:" handling, which could lead to the execution of arbitrary code. For the stable distribution , this problem has been fixed in version 1.0.1-4+lenny1. For the testing distribution and the unstable distribution , this problem has been fixed in version 1.5.1-1. We recommend that you upgrade your barnowl packages.