Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <402a5fef90b34b4d944e9a62a089723a@imshyb02.MITRE.ORG>
Date: Fri, 4 Nov 2016 03:03:42 -0400
From: <cve-assign@...re.org>
To: <rootredrain@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<dickey@...isible-island.net>
Subject: Re: CVE request:Lynx invalid URL parsing with '?'

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> lynx  "http://google.com?@...kdog.me/"
> wrongly make lynx send a request to hackdog.me

Use CVE-2016-9179.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYHDILAAoJEHb/MwWLVhi2dR0P/2Zr1VU0tQcBP4Tu543JzPV6
CiHZdspG7fRKuCOaH8QHFHXFWksirFSumHfSPSLt8QjQ9IQJc9iCqan/0Zg4A/5C
yNSnpqdHMfGMK/z+oiuFBNbqEu3ik1DS63a3KR/H9O1qqfyDAx3BeAbXIV3GLNi1
JqspcJy6XB/O0s2N5K8FfjG2/mwhAX+tESncJB7qssqR4x6DXfADXCeYmGcaE3Y2
iucJGwM8mtJRWLibqIbg8zbtVImCkRMD5XC00ZbVY/i8+4DwE972Z1solumACD0i
bI4y1T+5I8MEndCJiZ2viHqD/BItfjaPS6swEnV713WE1/5xTT1b/ser/lSZ0OwE
/0lB04X1OmlU/cO2c+zzarkYlJYAzIZz6PedMy0oSO5CkZ3RsyqkTTxj9EueE12F
Fcwoe01zZGNUmbz+C+2ObAn+nP7uFowG59ojfbOBE0oTpFBXiR9EypvkshehwU9S
M0vgX+PZ8CTH8+Cy83f9A3JPdIDkdJYg59QOWZ5FslI0PdgTPxyKNfxobesf/nFV
VmTMa6ht8uxfYZ/9w9BnwwJOC0641SvxpMBa2fRaUFiY8Iham+UOa6IljtVd5y2F
hL7C2lVNracS2pCUSvL8JobCjaA5HPgKni/jf1chHjkRtMouWu0jDi8hdZQwI6W4
tyL6v/kL4pVDf4OSBXw9
=21bX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.