Well it is clearly the same person who made the September reports, which did
not discuss nntp or command execution.
Seems he didn't bother to report his further findings to the list: it is not
like we were hard to find back in September.
Google returns all of these on page one of a "lynx vulnerability" search:
seclists.org/lists/fulldisclosure/2005/Oct/0407.html
lists.grok.org.uk/pipermail/ full-disclosure/2005-October/038023.html
www.checksum.org/cso/message/4730.html
www.insecure.org/sploits/lynx.download.html
Yet the last report from the source (of these apparently well-documented
submissions to the above) to this list was received and fixed subsequent
to Sept. 25, 2005, unless I am missing something.
Perhaps it is unreasonable to expect at least a follow up from the poster, or
for the vulnerability database maintainers to find lynx.isc.org to publish a
report to the current developer list?
Curious!
Stef
Any of this related to this thread? I see some Oct 17 2005 reports with the
same name (we didn't get anything on the list), but nothing since.
Not directly. I think that what happened was that one of the people on the
other mailing list happened to read something about this one (which
was being sent to long-obsolete mailing addresses).
_______________________________________________
Lynx-dev mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/lynx-dev
