[Buildroot] [git commit] package/lynx: add security patch for CVE-2021-38165
Peter Korsgaard
peter at korsgaard.com
Mon Oct 4 21:44:14 UTC 2021
>>>>> "Arnout" == Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=5bb9d79f276551c8fb7a774d8c7bd0f47a9e9809
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which
> allows remote attackers to discover cleartext credentials because they may
> appear in SNI data.
> https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
> Upstream unfortunately does not provide a public VCS (only source
> snapshots), so fetch the security patch from Debian.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list