[pkg-lynx-maint] Bug#991971: Processed: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
Andreas Metzler
ametzler at bebt.de
Sat Aug 7 17:00:19 BST 2021
On 2021-08-07 Debian Bug Tracking System <owner at bugs.debian.org> wrote:
> Processing commands for control at bugs.debian.org:
> > tags 991971 fixed-upstream
> Bug #991971 [lynx] lynx: SSL certificate validation fails with URLs containing user name or user name and password, i.e. https://user:password@host/ and https://user@host/; leaks password in clear text via SNI
> Added tag(s) fixed-upstream.
Hello,
I have just uploaded .9 to experimental. The deadline for bulleye
unblock requests has passed, so we will need to fix this by
security/point release.
@Fellow lynx-maintainers: Do you have a preferred branch name for
bullseye? I would go for "11_bullseye".
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lynx-maint/attachments/20210807/114faa89/attachment.sig>
More information about the pkg-lynx-maint
mailing list