Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

To: Brian May <bam@debian.org>
Cc: Thomas Dickey <dickey@his.com>, Debian Lynx Packaging Team <pkg-lynx-maint@lists.alioth.debian.org>, Debian Security Team <team@security.debian.org>, debian-lts@lists.debian.org, Lynx Development <lynx-dev@nongnu.org>
Subject: Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
From: Thomas Dickey <dickey@his.com>
Date: Wed, 23 Nov 2016 18:36:44 -0500
Message-id: <[🔎] 20161123233644.GA40395@vmw-debian7-64.jexium-island.net>
Reply-to: dickey@his.com
In-reply-to: <[🔎] 87fumlfi8q.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 20161114125531.GS5130@sym.noone.org> <[🔎] 20161114230521.GB17430@vmw-debian7-64.jexium-island.net> <[🔎] 874m39jjuw.fsf@prune.linuxpenguins.xyz> <[🔎] 20161115090720.GA7604@vmw-debian7-64.jexium-island.net> <[🔎] 20161115100616.GA17665@vmw-debian7-64.jexium-island.net> <[🔎] 20161115233056.GZ5130@sym.noone.org> <[🔎] 20161116003334.GA40992@vmw-debian7-64.jexium-island.net> <[🔎] 20161116074145.GA5130@sym.noone.org> <[🔎] 20161116091637.GA7599@vmw-debian7-64.jexium-island.net> <[🔎] 87fumlfi8q.fsf@prune.linuxpenguins.xyz>

On Mon, Nov 21, 2016 at 05:40:37PM +1100, Brian May wrote:
> Thomas Dickey <dickey@his.com> writes:
> 
> >> So IMHO the warning is obsolete in this specific case, i.e. with "?@"
> >> without "/" before it.
> >
> > I see (for dev.12, then - dev.11 was last night)
> 
> When do you expect to release dev.12 with this change?

I'm not certain (I have ongoing changes to xterm and vile which I'd
like to finish also...).

I spent some time today investigating this area in lynx, and
saw some further improvements to make, but am not done yet.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: CVE-2016-9179 (invalid URL parsing with '?')
  - From: Axel Beckert <abe@debian.org>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Brian May <bam@debian.org>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Axel Beckert <abe@debian.org>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Axel Beckert <abe@debian.org>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Thomas Dickey <dickey@his.com>
- Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
  - From: Brian May <bam@debian.org>

Prev by Date: Re: monit / CVE-2016-7067
Next by Date: Re: asterisk support
Previous by thread: Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Next by thread: Re: CVE-2016-9179
Index(es):
- Date
- Thread