[MBT] new ticket for pkg lynx "CRLF injection"
bugs at pld.org.pl
bugs at pld.org.pl
Thu Jan 9 18:51:51 CET 2003
Date: 2003-01-09 18:51:51+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: CRLF injection
Ticket ID: #526
Ticket URL: http://bugs.pld.org.pl/?bug=526
Package: lynx-2.8.5dev.3-5
Distribution: PLD-Ra.main PLD-1.0.devel.main PLD-1.0.devel.test PLD-1.0.devel.supported
Category: security problem
Current state: opened
Text:
See Debian Security Advisory DSA-210-1:
lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request.
More information about the pld-bugs
mailing list