[Secure-testing-team] Bug#594300: CVE-2010-2810: Heap-based buffer overflow
Giuseppe Iuculano
iuculano at debian.org
Wed Aug 25 07:18:39 UTC 2010
Package: lynx-cur
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lynx-cur.
CVE-2010-2810[0]:
| Heap-based buffer overflow in the convert_to_idna function in
| WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through
| 2.8.8dev.4 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a malformed
| URL containing a % (percent) character in the domain name.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2810
http://security-tracker.debian.org/tracker/CVE-2010-2810
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkx0w80ACgkQNxpp46476aroEgCeL1nbj8J2tIr13q2y4Bc712rU
uncAnjVm0hTC4nESvaq7j1RV50gkVlQZ
=L8OU
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list