[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
From: |
Foteos Macrides |
Subject: |
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd) |
Date: |
Tue, 24 Jun 1997 17:57:13 -0500 (EST) |
Duncan Hill <address@hidden> wrote:
>I'm not sure if the entire list got this. I got it because I'm still
>subscribed to the raven list :) So, here it is in case nobody's seen
>it yet.
>[...]
>---------- Forwarded message ----------
>Date: Mon, 23 Jun 1997 17:52:06 -0400 (EDT)
>From: "CERT(sm) Coordination Center" <address@hidden>
>Reply-To: address@hidden
>To: Lynx Developers <address@hidden>
>Cc: "CERT(sm) Coordination Center" <address@hidden>
>Subject: VU#5135 (Lynx vulnerability?)
>[...]
I'm CCing this to address@hidden, and the message is written
primarily for Rob McMillan at that address.
Thank you for attempting to inform the Lynx developers
about the vulerability to spoofing on Unix via externally provided
LYNXDOWNLOAD URLs. Unfortunately, the message was sent to
address@hidden, which is a long defunct list. The
current list for contacting Lynx developers is:
address@hidden
and, fortunately, someone who is still subscribed to the old raven
list recently forwarded the message. Also, please note that the
Lynx home page is:
http://lynx.browser.org/
and from there you can access a large body of recent, reasonably
accurate information about Lynx.
The vulnerability is being discussed in address@hidden,
and you can access that discussion via the lynx-dev archives:
http://www.flora.org/lynx-dev/html/
I have made patches which plug the vulnerability available in:
http://www.slcc.edu/lynx/fote/patches/
Once the lynx-dev group has a chance to check them out, one of
the active developers should contact you about an offical patch
for the current formally released version of Lynx, which is
v2.7.1, and access to it should be made available via links
in the http://lynx.browser.org/ home page.
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), (continued)
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Scott McGee (Personal), 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Robert Bonomi, 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Scott McGee (Personal), 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd),
Foteos Macrides <=
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Robert Bonomi, 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Jan Hlavacek, 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/24
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25