On 2012-12-12 12:03:39 +0100, Vincent Lefevre wrote:
> The problem occurs when $LYNX_CFG is set, including to an empty
> config file.
>
> I can reproduce the problem on my two Debian/unstable machines, but
> not on a Debian 6.0.6 machine, where my user config is the same.
I've reverted to lynx-cur 2.8.8dev.14-1 on Debian/unstable, and
the problem doesn't occur. After reinstalling 2.8.8dev.15-1, the
problem occurs again. The changelog is:
lynx-cur (2.8.8dev.15-1) unstable; urgency=low
* New Upstream Release.
- Fixed a security bug, CVE-2012-5821: improve checking of certificates
in the gnutls_certificate_verify_peers2() by handling special case where
self-signed certificates should be reported (patch by Jamie Strandboge).
(Closes: #692443)
- revise nsl-fork logic for passing addrinfo and hostent data back
to eliminate fixed limit on the number of records to return
(Closes: #691904)
- corrected position of highlighting from search/whereis function when using
multibyte characters. (Closes: #673385)
* Updated patches files in debian/patches.
-- Atsuhito KOHDA <[email protected]> Wed, 21 Nov 2012 21:54:10 +0900
I suppose that the fix of CVE-2012-5821 is wrong.
--
Vincent Lefèvre <[email protected]> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
