[14191] in bugtraq
Re: lynx - someone is deaf and blind ;)
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Tue Mar 7 09:05:30 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0003042204260.59454-100000@hub.freebsd.org>
Date: Sat, 4 Mar 2000 22:09:06 -0800
Reply-To: Kris Kennaway <kris@HUB.FREEBSD.ORG>
From: Kris Kennaway <kris@HUB.FREEBSD.ORG>
X-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0002271629490.15796-100000@dione.ids.pl>
On Sun, 27 Feb 2000, Michal Zalewski wrote:
> extremely long URLs. I'm not going to give more examples here, as I'm
> afraid I might miss one or two that won't be fixed - developers, use your
> head, take a look at the code and fix every suspected piece of code, not
> only already published / described bugs.
I have just disabled the lynx port/package in FreeBSD. We won't be
shipping it in FreeBSD 4.0, or until this gets addressed. It's a shame
because it's such a popular and useful tool, but the risk to users is just
too great.
Thanks for notifying the world of these problems :)
Kris Kennaway
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
