Hi,
On Sat, 7 Aug 2021, Axel Beckert wrote:
Hi Salvatore, Dear Ariadne,
Salvatore Bonaccorso wrote:
This is more severe than it initially looked like: Due to TLS Server
Name Indication (SNI) the hostname as parsed by Lynx (i.e with
"user:pass@" included) is sent in _clear_ text over the wire
Hi Salvatore, Dear Ariadne,
Salvatore Bonaccorso wrote:
> > This is more severe than it initially looked like: Due to TLS Server
> > Name Indication (SNI) the hostname as parsed by Lynx (i.e with
> > "user:pass@" included) is sent in _clear_ text over the wire even
> > _before_ I can even said
On Sat, Aug 07, 2021 at 08:17:31PM +0200, Salvatore Bonaccorso wrote:
> Hi Axel,
...
> MITRE did assign CVE-2021-38165. MITRE raised the question: Does
> 2.9.0dev.9 (mentioned on the
> https://lynx.invisible-island.net/current/CHANGES.html page) fix the
> entire problem?
>
Hi Axel,
On Sat, Aug 07, 2021 at 03:51:07AM +0200, Axel Beckert wrote:
> Hi,
>
> On Fri, Aug 06, 2021 at 05:14:32PM +, Thorsten Glaser
> wrote in
> https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg0.html:
> > this affects both OpenSSL and Debian’s nonGNUtls builds:
> >
> >
On 2021-08-07 Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
> > tags 991971 fixed-upstream
> Bug #991971 [lynx] lynx: SSL certificate validation fails with URLs
> containing user name or user name and password, i.e.
> https://user:password@host/ and
Axel Beckert dixit:
>This is more severe than it initially looked like: Due to TLS Server
>Name Indication (SNI) the hostname as parsed by Lynx (i.e with
>"user:pass@" included) is sent in _clear_ text over the wire even
I *ALWAYS* SAID SNI IS A SHIT THING ONLY USED AS BAD EXCUSE FOR NAT
BY
Hi,
On Fri, Aug 06, 2021 at 05:14:32PM +, Thorsten Glaser
wrote in
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg0.html:
> this affects both OpenSSL and Debian’s nonGNUtls builds:
>
> lynx https://user:pass@host/
>
> … will lead to…
>
> SSL
>
7 matches
Mail list logo