Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

From:	Brian May
Subject:	Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Date:	Tue, 15 Nov 2016 18:13:59 +1100

Thomas Dickey <address@hidden> writes:

> Interesting enough, when I look at the trace, lynx dev.10 is doing this:

With lynx 2.8.9dev10-1 from Debian unstable, if I type in:

lynx 'http://address@hidden/'

Then I get the following warning that appears on screen for one second
(easy to miss):

Alert!: User/password may appear to be a hostname: 'google.com?' (e.g, 
'google.com')

Then it takes me to http://www.debian.org/
-- 
Brian May <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Axel Beckert, 2016/11/14
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Brian May, 2016/11/14
  - Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Thorsten Glaser, 2016/11/14
    - Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/14
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/14
  - Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Brian May <=
    - Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/15
    - Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/15
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Axel Beckert, 2016/11/15
    - Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?'), Joost van Baal-Ilić, 2016/11/15
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Axel Beckert, 2016/11/15
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/15
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Axel Beckert, 2016/11/16
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/16
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Brian May, 2016/11/21
    - Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?'), Thomas Dickey, 2016/11/23

Prev by Date: Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Next by Date: Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Previous by thread: Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Next by thread: Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Index(es):
- Date
- Thread