Date: Thu, 3 Nov 2016 18:54:35 -0400 From: Leo Famulari <leo@...ulari.name> To: oss-security@...ts.openwall.com Cc: dickey@...isible-island.net, fulldisclosure@...lists.org, cve-assign@...re.org Subject: Re: CVE request:Lynx invalid URL parsing with '?' On Thu, Nov 03, 2016 at 05:58:14PM +0800, redrain root wrote: > I can't find any bugtracker in lynx ,so i will disclose by this mail and > sent to the author dickey@...isible-island.net. > > redrain (rootredrain@...il.com) > Date:2016-11-03 > Version: 2.8.8pre.4、2.8.9dev.8 and earlier FYI, as far as I can tell, this bug is present in 2.8.9dev.9 as well. Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ