[Bug 1678] Lynx-2.8.5 Vulnerability

blfs-bugs at linuxfromscratch.org blfs-bugs at linuxfromscratch.org
Sat Nov 26 09:43:20 PST 2005


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1678





------- Additional Comments From randy at linuxfromscratch.org  2005-11-26 10:43 -------
Looking at this issue further (hoping that the original security
vulnerability was the one I pointed the new link to), I don't think
the issue affects BLFS as we don't enable the 'lynxcgi' feature by
default.

As is mentioned in the security bulletin, you must explicitly compile
lynxcgi support into the build using the --enable-lynxcgi-links
switch, which BLFS does not by default.

I think simply mentioning this switch in the "command explanations"
section with a note to not use it because of the security vulnerability
is enough to close the bug.

I'll wait for Archaic to comment and/or close the bug after I update Lynx.



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.



More information about the blfs-book mailing list