Bug 335894 - =www-client/lynx-2.8.8_pre2: Heap-based buffer overflow (CVE-2010-2810)
Summary: =www-client/lynx-2.8.8_pre2: Heap-based buffer overflow (CVE-2010-2810)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: https://bugs.launchpad.net/ubuntu/+so...
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-09-03 22:00 UTC by Stefan Behte (RETIRED)
Modified: 2011-01-26 03:30 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 22:00:27 UTC
CVE-2010-2810 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2810):
  Heap-based buffer overflow in the convert_to_idna function in
  WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through
  2.8.8dev.4 allows remote attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via a
  malformed URL containing a % (percent) character in the domain name.
Comment 1 Wormo (RETIRED) gentoo-dev 2010-09-11 22:05:19 UTC
lynx has now been bumped to fixed version 2.8.8_pre5 (aka 2.8.8dev5 in lynx version-naming scheme) and affected ebuild deleted (luckily it was not stable on anything, since it was just a development version).
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-01-25 17:06:38 UTC
If it wasn't stable, this bug can be closed.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-01-26 03:30:07 UTC
(In reply to comment #2)
> If it wasn't stable, this bug can be closed.
> 

Agreed. Closing noglsa. Thanks, folks.