Date: Sun, 27 Jul 2008 23:19:29 +0200 From: Pierre-Yves Rofes <py@...too.org> To: oss-security@...ts.openwall.com Subject: Links < 2.1 security issue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Our links maintainer catched this: http://links.twibright.com/download/ChangeLog http://bugs.gentoo.org/show_bug.cgi?id=231737 Quoting changelog: "Security bug fixed: when "only proxies" is selected, don't pass URLs to external programs" Anyone investigated this, or even has a clue on the potential impact? Not sure if a CVE can be assigned, since this is very (too?) vague... - -- Pierre-Yves Rofes Gentoo Linux Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiM5mEACgkQuhJ+ozIKI5jqogCfdnQPTfA0RFWaSaF7kOD59w2h 8lAAmwSK0w0nKpzrJUuKCejrvkgm7oP6 =trsQ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.