[pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Thomas Dickey
dickey at his.com
Wed Nov 23 23:36:44 UTC 2016
On Mon, Nov 21, 2016 at 05:40:37PM +1100, Brian May wrote:
> Thomas Dickey <dickey at his.com> writes:
>
> >> So IMHO the warning is obsolete in this specific case, i.e. with "?@"
> >> without "/" before it.
> >
> > I see (for dev.12, then - dev.11 was last night)
>
> When do you expect to release dev.12 with this change?
I'm not certain (I have ongoing changes to xterm and vile which I'd
like to finish also...).
I spent some time today investigating this area in lynx, and
saw some further improvements to make, but am not done yet.
--
Thomas E. Dickey <dickey at invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-lynx-maint/attachments/20161123/53e09f66/attachment.sig>
More information about the pkg-lynx-maint
mailing list