[SECURITY] [DLA 2736-1] lynx security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2736-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
August 09, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : lynx
Version : 2.8.9dev11-1+deb9u1
CVE ID : CVE-2021-38165
Debian Bug : #991971
It was discovered that there was a remote authentication credential
leak in the "lynx" text-based web browser.
The package now correctly handles authentication subcomponents in
URIs (eg. https://user:pass@example.com) to avoid remote attackers
discovering cleartext credentials in SSL connection data.
For Debian 9 "Stretch", this problem has been fixed in version
2.8.9dev11-1+deb9u1.
We recommend that you upgrade your lynx packages.
For the detailed security status of lynx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lynx
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmERSs4ACgkQHpU+J9Qx
HlgucA//c7ki+LbLuP7LPja0/T1XRQjxPvAVvnHixMw+OY/r+FhuP3EsnGyooAVJ
FDKQ8K3lynoOl15bedITEXfYZp3sg4l4mfOP3kF1OYaIow+ONuLjc2IhWNqUf6aD
INZBav/Qlqkr5YA3Gn9xtoQyW12F4DkwsdnsoeT9d+O1XzOphMQi+3q5KurHTak8
7PRhbK5WchNfgTpiXA3u1cBUEJqdLh97kcDTTV6F+YNBJszYZSMqINXS9exdj1ud
51eRVHFsF4G8JDwZSf5+GQH6IGrc8usUPuH/YsDoaEhs8V5QSPP6R7TmPhHSSrOD
p0VXWaVCYzw1PKHjgJhe2n04/T7Vywt/vt4JebJJ0P/o4BpZVbfb8QNeXtqbIaQ9
X/U9SrCd0N29reOk8b9G+VeEZhwe0zCBwTiZUFoTIV6LMXwLHPVYcY/1FXTnt5hu
QX0MNm9k20heJ4YVFJmNi12mG5NE5vKEGOgplN3biiQEsofkIu4Hx5oXraGILN2e
Nv1YLSKe1H12xzlJFExcGDbre1J4pssQjvyKPYVG8L9uYWX86vbTryVReeGMxq4j
ROEjImDJBH1KtEoK9Bp36VjhD/AStzSii4kQ52LJ+CGrytO/Ft+rhxX3pzRyvpEY
EfNSNzWKbWi4tNbkps6FawMUlVHXfQAxTURY3yJYozDVb/AXz8s=
=ig9O
-----END PGP SIGNATURE-----
Reply to: