[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Ve

From: Stef Caunter
Subject: Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability
Date: Fri, 28 Oct 2005 17:12:21 -0400 (EDT)

Well it is clearly the same person who made the September reports, which did not discuss nntp or command execution. Seems he didn't bother to report his further findings to the list: it is not like we were hard to find back in September.

Google returns all of these on page one of a "lynx vulnerability" search: full-disclosure/2005-October/038023.html

Yet the last report from the source (of these apparently well-documented submissions to the above) to this list was received and fixed subsequent to Sept. 25, 2005, unless I am missing something.

Perhaps it is unreasonable to expect at least a follow up from the poster, or for the vulnerability database maintainers to find to publish a report to the current developer list?



Any of this related to this thread? I see some Oct 17 2005 reports with the same name (we didn't get anything on the list), but nothing since.

Not directly. I think that what happened was that one of the people on the other mailing list happened to read something about this one (which
was being sent to long-obsolete mailing addresses).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]