|
Message-ID: <20150208115333.36b3e932@pc>
Date: Sun, 8 Feb 2015 11:53:33 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: lynx: crash when parsing overly long links
On Fri, 06 Feb 2015 18:55:08 -0700
Kurt Seifried <kseifried@...hat.com> wrote:
> Sorry forgot to include the link
>
> https://bugzilla.redhat.com/show_bug.cgi?id=605286
Here's the upstream reference/changelog:
http://lynx.isc.org/current/CHANGES.html#v2.8.8dev.4
quote:
"* limit parsed URIs with new config parameter MAX_URI_SIZE, default
8192 (RedHat #605286, forwarded by Vincent Danen). For arbitrarily long
URIs, alloca() could run out of stack space -TD"
So it got fixed in the 4th dev version of 2.8.8. Everyone who's using
2.8.8 (release version) or above is not affected.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.