Re: Draft CERT bulletin (was Re: LYNX-DEV security.html)

[Jonathan Sergent]

Jim wrote:
 ] Yes, use lynx-dev...  I've reformatted the above html a bit so it can be
 ] distributed as text CERT bulletins.  Please review the *two* parts below
 ] before I pass them on to CERT (I've appointed myself go-between :0) 

Okay.  Apparently I'm not the only one who doesn't understand what 
happens to lynx-dev posts by non-subscribers, so clarification from the 
cabal^H^H^H^H^Hlistelves [ :-) ] would be appreciated as to what the 
resender at sig.net is doing to such posts.

My suggested changes to your drafts are at:
http://www.io.com/~sergent/c/cert-index.html

I can keep track of them there if you'd like.  One would hope that
there aren't too many more drafts and that we can have this out
on Monday morning or so.

I think the reasons for the changes I've made (diff -u is your friend)
are self-evident but please post questions.

Can someone gather a list of known public and/or captive lynx sites
and email addresses at which they can be reached so that we can forward
this to them?  Obviously those of you on lynx-dev are aware of the
problem, but I'm sure there are some out there running 2.4.2 or something
like that that should be notified before they have every miscreant
with WWW access knocking at their doorstep.


--jss.
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;