[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Ve
Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability
Fri, 28 Oct 2005 17:12:21 -0400 (EDT)
Well it is clearly the same person who made the September reports, which did
not discuss nntp or command execution.
Seems he didn't bother to report his further findings to the list: it is not
like we were hard to find back in September.
Google returns all of these on page one of a "lynx vulnerability" search:
Yet the last report from the source (of these apparently well-documented
submissions to the above) to this list was received and fixed subsequent
to Sept. 25, 2005, unless I am missing something.
Perhaps it is unreasonable to expect at least a follow up from the poster, or
for the vulnerability database maintainers to find lynx.isc.org to publish a
report to the current developer list?
Any of this related to this thread? I see some Oct 17 2005 reports with the
same name (we didn't get anything on the list), but nothing since.
Not directly. I think that what happened was that one of the people on the
other mailing list happened to read something about this one (which
was being sent to long-obsolete mailing addresses).