oss-security - Links < 2.1 security issue

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Sun, 27 Jul 2008 23:19:29 +0200
From: Pierre-Yves Rofes <py@...too.org>
To: oss-security@...ts.openwall.com
Subject: Links < 2.1 security issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Our links maintainer catched this:

http://links.twibright.com/download/ChangeLog

http://bugs.gentoo.org/show_bug.cgi?id=231737

Quoting changelog:
"Security bug fixed: when "only proxies" is selected, don't pass URLs
to external programs"


Anyone investigated this, or even has a clue on the potential impact?
Not sure if a CVE can be assigned, since this is very (too?) vague...

- --
Pierre-Yves Rofes
Gentoo Linux Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiM5mEACgkQuhJ+ozIKI5jqogCfdnQPTfA0RFWaSaF7kOD59w2h
8lAAmwSK0w0nKpzrJUuKCejrvkgm7oP6
=trsQ
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.