OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 18-Feb-2003 17:00:58 Branch: HEAD Handle: 2003021816005700 Modified files: openpkg-web/security OpenPKG-SA-2003.011-lynx.txt Log: final signing Summary: Revision Changes Path 1.2 +12 -3 openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt ============================================================================ $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2003.011-lynx.txt --- openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt 18 Feb 2003 15:13:06 -0000 1.1 +++ openpkg-web/security/OpenPKG-SA-2003.011-lynx.txt 18 Feb 2003 16:00:57 -0000 1.2 @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project @@ -19,12 +22,12 @@ Description: Ulf Harnhammar posted information [0] reporting a "CRLF Injection" - problem with Lynx [1] 2.8.4 and earlier. It is possible to inject + problem with Lynx [1] 2.8.4 and earlier. It is possible to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, - and other whitespace characters. This way, scripts that use Lynx for + and other whitespace characters. This way, scripts that use Lynx for downloading files access the wrong site on a web server with multiple - virtual hosts. The Common Vulnerabilities and Exposures (CVE) project + virtual hosts. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2002-1405 [2] to the problem. Please check whether you are affected by running "<prefix>/bin/rpm -q @@ -72,4 +75,10 @@ the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ +-----BEGIN PGP SIGNATURE----- +Comment: OpenPKG <[EMAIL PROTECTED]> +iD8DBQE+UlhugHWT4GPEy58RAr9NAKC7MXEp1KbGF9hBdS54B0lAg5ZeSACg0tKk +ugQtWNDCopogBsrxmMgAlx0= +=+o01 +-----END PGP SIGNATURE----- @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]