Описание
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| lynx | fixed | 2.8.9dev11-1 | package | |
| lynx-cur | removed | package | ||
| lynx-cur | no-dsa | jessie | package |
Примечания
https://www.openwall.com/lists/oss-security/2016/11/03/4
Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
the uplaod to unstable as 2.8.9dev10-1
EPSS
Связанные уязвимости
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
It was found that Lynx doesn't parse the authority component of the URL correctly
EPSS