Opened 3 years ago
Closed 2 years ago
#15849 closed enhancement (fixed)
Patch lynx against CVE-2021-38165
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
As mentioned in blfs-dev:
--
About Lynx: There is already a patch for CVE-2021-38165, and it is not mentioned in the BLFS manual.Description of CVE-2021-38165: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
--
Rated as 5.3 Medium by NVD.
Change History (4)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 2 years ago
Typing this from within Lynx - patch appears to be working properly. Just need to apply the header and submit it and this ticket will be good to go.
comment:4 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff is the required patch