[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

From: Brian May
Subject: Re: [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')
Date: Tue, 15 Nov 2016 18:13:59 +1100

Thomas Dickey <address@hidden> writes:

> Interesting enough, when I look at the trace, lynx dev.10 is doing this:

With lynx 2.8.9dev10-1 from Debian unstable, if I type in:

lynx 'http://address@hidden/'

Then I get the following warning that appears on screen for one second
(easy to miss):

Alert!: User/password may appear to be a hostname: '' (e.g, 

Then it takes me to
Brian May <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]