>This allows an attacker to cause lynx to execute arbitrary shell code when a >user runs lynx while visiting a directory with attacker-provided contents.
That's inaccurate: the mime files are read at startup, not "while visiting a directory". Reading it from the user's starting directory is as pointed out, not good, but not in the same realm as indicated in the report. -- Thomas E. Dickey <[EMAIL PROTECTED]> http://invisible-island.net ftp://invisible-island.net
signature.asc
Description: Digital signature
