Opened 2 years ago

Closed 2 years ago

#15849 closed enhancement (fixed)

Patch lynx against CVE-2021-38165

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:


As mentioned in blfs-dev:


About Lynx: There is already a patch for CVE-2021-38165, and it is not mentioned in the BLFS manual.Description of CVE-2021-38165: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.


Rated as 5.3 Medium by NVD.

Change History (4)

comment:2 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:3 by Douglas R. Reno, 2 years ago

Typing this from within Lynx - patch appears to be working properly. Just need to apply the header and submit it and this ticket will be good to go.

comment:4 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.