[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Alleged Lynx security emergency
From: |
Jim Spath (Webmaster Jim) |
Subject: |
Re: LYNX-DEV Alleged Lynx security emergency |
Date: |
Tue, 1 Jul 1997 06:37:36 -0400 (EDT) |
On Mon, 30 Jun 1997, Thomas Jones wrote:
> There is a story making the rounds that CERT, the Computer Emergency
> Response Team at Carnegie-Mellon, has spotted a security vulnerability
> in the -Lynx- (text-only) browser. Is this true? I note that there is no
> advisory to this effect in comp.security.announce.
Yes, there was a hole in the LYDOWNLOAD processing. Fote has fixed it.
See the following:
www.flora.org/lynx-dev/html/month0697/msg00250.html
" /msg00317.html
" /msg00321.html
> The reason why I am raising the issue is that a major local online
> system, called "Sailor," has put an electronic block in its Lynx Internet
> service, thinking that the block will somehow protect it from this
> [alleged] Lynx bug.
I'm ccing them. They're being cautious, as they should be...
------
<http://www.cs.indiana.edu/picons/db/users/us/md/lib/bcpl/jspath/face.xbm>
Marvin the Paranoid Android says:
You are one of the least benighted unintelligent organic life forms
it has been my profound lack of pleasure not to be able to avoid
meeting.
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;