Package: lynx-cur Version: 2.8.8dev.1-1 Severity: normal Tags: l10n
Lynx crashed with a bus error when I attempted to use it to poke at an URL from a spam I'd gotten. Upgrading to 2.8.8dev.1-1 fixed the crash on the unmodified page, but a slightly modified version of the spammer's page still crashes with a signal 11. Since it's a spammer's page, it's highly possible that it'll try to install malware of some sort when visited, (and also possible that the Lynx crash is a failed exploit - or a successful exploit that's managed to hide everything but the crash from me), and the copy on my site has only been changed enough to make it crash the latest Lynx in testing; I have NOT done anything that would remove a malicious payload from it. That being said, LANG=en_US.UTF-8 lynx http://deekoo.net/peeves/spam/signal11.html will crash; LANG=C lynx http://deekoo.net/peeves/spam/signal11.html will not crash. The previous version of Lynx from testing that I was using (I don't, unfortunately, remember the version I was using) would crash in an assortment of different ways (bus error, signal 11, dump message) depending on how I changed the offending page; it wouldn't crash if I removed the ar-sa or windows-1256 meta tags from the page. (And my email address should be deliverable - hopefully its length will break address extractors, though.) -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (700, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lynx-cur depends on: ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy ii libbsd0 0.1.6-1 utility functions from BSD systems ii libc6 2.9-25 GNU C Library: Shared libraries ii libgcrypt11 1.4.4-4 LGPL Crypto library - runtime libr ii libgnutls26 2.8.4-1 the GNU TLS library - runtime libr ii libncursesw5 5.7+20090803-2 shared libraries for terminal hand ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime Versions of packages lynx-cur recommends: ii mime-support 3.46-1 MIME files 'mime.types' & 'mailcap Versions of packages lynx-cur suggests: pn lynx-cur-wrapper <none> (no description available) -- debconf information: * lynx-cur/etc_lynx.cfg: lynx-cur/defaulturl: http://www.deekoo.net/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
