[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Ve

From: Thomas Dickey
Subject: Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability
Date: Fri, 28 Oct 2005 17:51:09 -0400 (EDT)

On Fri, 28 Oct 2005, Stef Caunter wrote:

Yet the last report from the source (of these apparently well-documented submissions to the above) to this list was received and fixed subsequent to Sept. 25, 2005, unless I am missing something.

yes - I received a report on 8 October, and made a fix that evening.

Perhaps it is unreasonable to expect at least a follow up from the poster, or for the vulnerability database maintainers to find to publish a report to the current developer list?

There are two sets of reports. Ulf Harnhammar reported the earlier problems. He stated that he had a shell exploit based on the HTrjis()
change, and wanted to have the fix and announcement issued concurrently.

Also, he didn't want the CAN-number on my interim patch - I noticed after
dev.14 that I'd marked the wrong item.  The changelog entry which applies
should read (is in my corrections toward dev.15):

* eliminate fixed-size buffers in HTrjis() and related functions to avoid
  potential buffer overflow in nntp pages (report by Ulf Harnhammar,
  CAN-2005-3120) -TD

Since packagers generally have 2.8.5, they wanted a patch against that.
It was in the context of email discussion of that, which someone mentioned
to the later report that I was the appropriate contact.

I'm actually more interested to see that these vulnerability reports usually are simple to analyze - once noticed. (It would be nice to motivate people to fix harder bugs, such as the display problems for the "-notitle" option ;-)

Speaking of that, I probably would have made some fixes for it, but the
cutoff for dev.14 was determined by the HTrjis() fix.

Thomas E. Dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]