[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2003.011-lynx.txt

Tue, 18 Feb 2003 08:00:00 -0800 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   18-Feb-2003 17:00:58
  Branch: HEAD                             Handle: 2003021816005700

  Modified files:
    openpkg-web/security    OpenPKG-SA-2003.011-lynx.txt

  Log:
    final signing

  Summary:
    Revision    Changes     Path
    1.2         +12 -3      openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt
  ============================================================================
  $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.011-lynx.txt
  --- openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt 18 Feb 2003 15:13:06 -0000     
 1.1
  +++ openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt 18 Feb 2003 16:00:57 -0000     
 1.2
  @@ -1,3 +1,6 @@
  +-----BEGIN PGP SIGNED MESSAGE-----
  +Hash: SHA1
  +
   ________________________________________________________________________
   
   OpenPKG Security Advisory                            The OpenPKG Project
  @@ -19,12 +22,12 @@
   
   Description:
     Ulf Harnhammar posted information [0] reporting a "CRLF Injection"
  -  problem with Lynx [1] 2.8.4 and earlier.  It is possible to inject
  +  problem with Lynx [1] 2.8.4 and earlier. It is possible to inject
     false HTTP headers into an HTTP request that is provided on the
     command line, via a URL containing encoded carriage return, line feed,
  -  and other whitespace characters.  This way, scripts that use Lynx for
  +  and other whitespace characters. This way, scripts that use Lynx for
     downloading files access the wrong site on a web server with multiple
  -  virtual hosts.  The Common Vulnerabilities and Exposures (CVE) project
  +  virtual hosts. The Common Vulnerabilities and Exposures (CVE) project
     assigned the id CAN-2002-1405 [2] to the problem.
   
     Please check whether you are affected by running "<prefix>/bin/rpm -q
  @@ -72,4 +75,10 @@
   the command "gpg --verify --keyserver keyserver.pgp.com".
   ________________________________________________________________________
   
  +-----BEGIN PGP SIGNATURE-----
  +Comment: OpenPKG <[EMAIL PROTECTED]>
   
  +iD8DBQE+UlhugHWT4GPEy58RAr9NAKC7MXEp1KbGF9hBdS54B0lAg5ZeSACg0tKk
  +ugQtWNDCopogBsrxmMgAlx0=
  +=+o01
  +-----END PGP SIGNATURE-----
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to