CVE-2010-2810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2810): Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.
lynx has now been bumped to fixed version 2.8.8_pre5 (aka 2.8.8dev5 in lynx version-naming scheme) and affected ebuild deleted (luckily it was not stable on anything, since it was just a development version).
If it wasn't stable, this bug can be closed.
(In reply to comment #2) > If it wasn't stable, this bug can be closed. > Agreed. Closing noglsa. Thanks, folks.