On Sat, May 13, 2006 at 09:20:08AM +0200, Martin Schulze wrote: > Alec Berryman wrote: > > Package: lynx > > Version: 2.8.5-2sarge1 > > Followup-For: Bug #296340 > > > > Attached is a patch from OpenBSD to fix CVE-2004-1617. It has been
hmm - no. It's not from OpenBSD. > > reformatted as a dpatch. After applying the patch and rebuilding, pages > > like http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html no > > longer causes lynx to exhaust memory and crash. > > > > Patch obtained from: > > ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch > > Thanks a lot. I can confirm that the patch works and looks good. > Will puth the three packages into the buildd network. That's a piece of my patch for lynx 2.8.6dev.8, which one can see here: http://lynx.isc.org/current/index.html Here's the proper cite for it: 2004-11-07 (2.8.6dev.8) * limit TEXTAREA columns to the screen width, and rows to 3 times the screen height (report by FLWM) -TD -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net
pgpRKfWVtHqVy.pgp
Description: PGP signature
