[Buildroot] [git commit] package/lynx: add security patch for CVE-2021-38165

Peter Korsgaard peter at korsgaard.com
Mon Oct 4 21:44:14 UTC 2021


>>>>> "Arnout" == Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be> writes:

 > commit: https://git.buildroot.net/buildroot/commit/?id=5bb9d79f276551c8fb7a774d8c7bd0f47a9e9809
 > branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

 > Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which
 > allows remote attackers to discover cleartext credentials because they may
 > appear in SNI data.

 > https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html

 > Upstream unfortunately does not provide a public VCS (only source
 > snapshots), so fetch the security patch from Debian.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
 > Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>

Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list