Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Thomas Dickey <dickey@his.com> writes:
> Interesting enough, when I look at the trace, lynx dev.10 is doing this:
With lynx 2.8.9dev10-1 from Debian unstable, if I type in:
lynx 'http://google.com?@www.debian.org/'
Then I get the following warning that appears on screen for one second
(easy to miss):
Alert!: User/password may appear to be a hostname: 'google.com?' (e.g, 'google.com')
Then it takes me to http://www.debian.org/
--
Brian May <bam@debian.org>
Reply to: