"A security issue has been discovered in Links, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that the certificate presented by a server at the beginning of an SSL session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack.
The security issue is confirmed in version 2.2. Other versions may also be affected."
ive added the fix that Debian has to 2.3_pre1-r1 and so that version can be stabilized i think
works for me on amd64
Seems also good to go on x86 here.
Tested OK on SPARC, stabilisation would be good.
Stable for HPPA.
x86 done. Thanks Andreas!
sparc done, thanks Alex Buell
GLSA Vote: yes
Yes, too. GLSA request filed.
This issue was resolved and addressed in
GLSA 201206-32 at http://security.gentoo.org/glsa/glsa-201206-32.xml
by GLSA coordinator Stefan Behte (craig).