Date: Sun, 8 Feb 2015 11:53:33 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: lynx: crash when parsing overly long links On Fri, 06 Feb 2015 18:55:08 -0700 Kurt Seifried <kseifried@...hat.com> wrote: > Sorry forgot to include the link > > https://bugzilla.redhat.com/show_bug.cgi?id=605286 Here's the upstream reference/changelog: http://lynx.isc.org/current/CHANGES.html#v2.8.8dev.4 quote: "* limit parsed URIs with new config parameter MAX_URI_SIZE, default 8192 (RedHat #605286, forwarded by Vincent Danen). For arbitrarily long URIs, alloca() could run out of stack space -TD" So it got fixed in the 4th dev version of 2.8.8. Everyone who's using 2.8.8 (release version) or above is not affected. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.