[pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Brian May
bam at debian.org
Tue Nov 15 07:13:59 UTC 2016
Thomas Dickey <dickey at his.com> writes:
> Interesting enough, when I look at the trace, lynx dev.10 is doing this:
With lynx 2.8.9dev10-1 from Debian unstable, if I type in:
lynx 'http://google.com?@www.debian.org/'
Then I get the following warning that appears on screen for one second
(easy to miss):
Alert!: User/password may appear to be a hostname: 'google.com?' (e.g, 'google.com')
Then it takes me to http://www.debian.org/
--
Brian May <bam at debian.org>
More information about the pkg-lynx-maint
mailing list