lynx-dev

Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with


From: Axel Beckert
Subject: Re: [Lynx-dev] [pkg-lynx-maint] CVE-2016-9179 (invalid URL parsing with '?')
Date: Wed, 16 Nov 2016 00:30:59 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

Hi Thomas,

Thomas Dickey wrote:
> > > Alert!: User/password may appear to be a hostname: 'google.com?' (e.g, 
> > > 'google.com')
> > > 
> > > Then it takes me to http://www.debian.org/
> > 
> > yes - and I was using the trace to see if I'd gotten the right host.
> > The trace is (based on strace...) incorrect.  I'll fix that.
> 
> Here's the change which I just applied, which seems to work.

At least fixes the redirect target for me.

> If there's no further changes needed, I'll release that as dev.11

I do wonder, though, whether the "User/password may appear to be a
hostname" alert is still needed for that case now.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <address@hidden>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE


