ALT-BU-2024-15070-1
Branch sisyphus_riscv64 update bulletin.
Package lynx updated to version 2.9.2-alt1.rel.0 for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2022-00255
Уязвимость подкомпонента userinfo текстового веб-браузера Lynx, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Modified: 2024-11-21
CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- [oss-security] 20210807 Re: Bug#991971: [Lynx-dev] bug in Lynx' SSL certificate validation -> leaks password in clear text via SNI (under some circumstances)
- https://bugs.debian.org/991971
- https://bugs.debian.org/991971
- https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
- https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118
- [debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update
- [debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update
- FEDORA-2021-57287bd052
- FEDORA-2021-57287bd052
- FEDORA-2021-232161e4d5
- FEDORA-2021-232161e4d5
- FEDORA-2021-f59bda7d94
- FEDORA-2021-f59bda7d94
- https://lynx.invisible-island.net/current/CHANGES.html
- https://lynx.invisible-island.net/current/CHANGES.html
- DSA-4953
- DSA-4953
- https://www.openwall.com/lists/oss-security/2021/08/07/1
- https://www.openwall.com/lists/oss-security/2021/08/07/1
- https://www.openwall.com/lists/oss-security/2021/08/07/11
- https://www.openwall.com/lists/oss-security/2021/08/07/11
Package libgst-rtsp-server updated to version 1.24.9-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2024-10-23
CVE-2024-44331
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.