Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

To: Thomas Dickey <dickey@his.com>, Thomas Dickey <dickey@his.com>, Debian Lynx Packaging Team <pkg-lynx-maint@lists.alioth.debian.org>, Debian Security Team <team@security.debian.org>, debian-lts@lists.debian.org, Lynx Development <lynx-dev@nongnu.org>
Subject: Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
From: Brian May <bam@debian.org>
Date: Mon, 21 Nov 2016 17:40:37 +1100
Message-id: <[🔎] 87fumlfi8q.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 20161116091637.GA7599@vmw-debian7-64.jexium-island.net>
References: <[🔎] 87a8d28rln.fsf@prune.linuxpenguins.xyz> <[🔎] 20161114075334.GA27784@lorien.valinor.li> <[🔎] 20161114125531.GS5130@sym.noone.org> <[🔎] 20161114230521.GB17430@vmw-debian7-64.jexium-island.net> <[🔎] 874m39jjuw.fsf@prune.linuxpenguins.xyz> <[🔎] 20161115090720.GA7604@vmw-debian7-64.jexium-island.net> <[🔎] 20161115100616.GA17665@vmw-debian7-64.jexium-island.net> <[🔎] 20161115233056.GZ5130@sym.noone.org> <[🔎] 20161116003334.GA40992@vmw-debian7-64.jexium-island.net> <[🔎] 20161116074145.GA5130@sym.noone.org> <[🔎] 20161116091637.GA7599@vmw-debian7-64.jexium-island.net>

Thomas Dickey <dickey@his.com> writes:

>> So IMHO the warning is obsolete in this specific case, i.e. with "?@"
>> without "/" before it.
>
> I see (for dev.12, then - dev.11 was last night)

When do you expect to release dev.12 with this change?

Thanks
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>

References:
- CVE-2016-9179
  - From: Brian May <bam@debian.org>
- Re: CVE-2016-9179
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: CVE-2016-9179 (invalid URL parsing with '?')
  - From: Axel Beckert <abe@debian.org>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Brian May <bam@debian.org>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Axel Beckert <abe@debian.org>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Axel Beckert <abe@debian.org>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>

Prev by Date: Re: Debian LTS - Wheezy repo broken?
Next by Date: monit / CVE-2016-7067
Previous by thread: Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Next by thread: Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Index(es):
- Date
- Thread