Package: lynx Version: 2.8.5-2sarge1 Followup-For: Bug #296340 Attached is a patch from OpenBSD to fix CVE-2004-1617. It has been reformatted as a dpatch. After applying the patch and rebuilding, pages like http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html no longer causes lynx to exhaust memory and crash.
Patch obtained from: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.16-alec-laptop Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages lynx depends on: ii libbz2-1.0 1.0.3-2 high-quality block-sorting file co ii libc6 2.3.6-7 GNU C Library: Shared libraries ii libgnutls11 1.0.16-14+b1 GNU TLS library - runtime library ii libncursesw5 5.5-2 Shared libraries for terminal hand ii zlib1g 1:1.2.3-11 compression library - runtime Versions of packages lynx recommends: ii mime-support 3.36-1 MIME files 'mime.types' & 'mailcap -- no debconf information
04_CVE-2004-1617.dpatch
Description: application/shellscript
