Debian Bug report logs - #594300
CVE-2010-2810: Heap-based buffer overflow

Package: lynx-cur; Maintainer for lynx-cur is Atsuhito KOHDA <kohda@debian.org>; Source for lynx-cur is src:lynx-cur.

Reported by: Giuseppe Iuculano <iuculano@debian.org>

Date: Wed, 25 Aug 2010 07:21:02 UTC

Severity: serious

Tags: fixed-upstream, security

Fixed in version lynx-cur/2.8.8dev.5-1

Done: Atsuhito KOHDA <kohda@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#594300; Package lynx-cur. (Wed, 25 Aug 2010 07:21:05 GMT)

Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Atsuhito KOHDA <kohda@debian.org>. (Wed, 25 Aug 2010 07:21:05 GMT)

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <iuculano@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-2810: Heap-based buffer overflow
Date: Wed, 25 Aug 2010 09:18:39 +0200
Package: lynx-cur
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for lynx-cur.

CVE-2010-2810[0]:
| Heap-based buffer overflow in the convert_to_idna function in
| WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through
| 2.8.8dev.4 allows remote attackers to cause a denial of service
| (application crash) or possibly execute arbitrary code via a malformed
| URL containing a % (percent) character in the domain name.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2810
    http://security-tracker.debian.org/tracker/CVE-2010-2810

Cheers,
Giuseppe.


Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#594300; Package lynx-cur. (Wed, 25 Aug 2010 09:57:06 GMT)

Message #8 received at 594300@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Lynx Development <lynx-dev@nongnu.org>
Subject: [Lynx-dev] lynx2.8.8dev.5
Date: Wed, 25 Aug 2010 05:49:07 -0400
The current version of lynx is 2.8.7

It's available at
	http://lynx.isc.org/
	ftp://lynx.isc.org/lynx2.8.7/
2.8.8 Development & patches:
	http://lynx.isc.org/current/index.html

2010-08-25 (2.8.8dev.5)
* modify convert_to_idna() to check for malformed urls (Debian #594300 reports
  this as CVE-2010-2810) -TD
* correct typo in po/makefile.inn from removal of mkdirs.sh in dev.4 (Debian
  #592078) -TD
* correct a sign-extension error in UpdateBoundary(), used for MIME boundary
  computation, broken in dev.4 compiler-warning fixes -TD

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
_______________________________________________
Lynx-dev mailing list
Lynx-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/lynx-dev
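The CVE text in the report above describes a heap overflow in convert_to_idna() reached through a % character in the domain name, and the dev.5 changelog says the fix adds a check for malformed URLs. As an added illustration of that kind of check, not Lynx's own code and making no claim about how HTParse.c is written, here is a bounds-checked percent-decoder for the host component: it rejects truncated or non-hex escapes, decoded bytes that can never appear in a hostname, and any output that would not fit the caller's buffer, so it can run before the string is handed to an IDNA converter. The function name `decode_host` and its rejection rules are assumptions of this example.

```c
/* Added example, not from Lynx: validate and percent-decode the host part
 * of a URL into a caller-sized buffer before IDNA conversion.
 * Returns 0 on success, -1 on malformed input or when out is too small. */
#include <stddef.h>
#include <string.h>

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;                       /* also covers the NUL terminator */
}

/* Decode host into out (capacity outlen bytes, including the NUL).
 * Rejected: "%" or "%X" at end of string, non-hex digits after "%",
 * a decoded byte that is NUL or a URL delimiter, and output overflow. */
int decode_host(const char *host, char *out, size_t outlen) {
    size_t o = 0;
    if (outlen == 0) return -1;      /* no room even for the terminator */
    for (const char *p = host; *p != '\0'; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (hi < 0 || lo < 0) return -1;   /* truncated or non-hex escape */
            c = hi * 16 + lo;
            p += 2;
            if (c == 0 || strchr("/?#@:%", c) != NULL) return -1;
        }
        if (o + 1 >= outlen) return -1;        /* keep room for the NUL */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}
```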

Added tag(s) fixed-upstream. Request was from Thomas Dickey <dickey@his.com> to control@bugs.debian.org. (Thu, 26 Aug 2010 00:30:02 GMT)

Reply sent to Atsuhito KOHDA <kohda@debian.org>:
You have taken responsibility. (Thu, 26 Aug 2010 07:42:21 GMT)

Notification sent to Giuseppe Iuculano <iuculano@debian.org>:
Bug acknowledged by developer. (Thu, 26 Aug 2010 07:42:21 GMT)

Message #15 received at 594300-close@bugs.debian.org (full text, mbox):

From: Atsuhito KOHDA <kohda@debian.org>
To: 594300-close@bugs.debian.org
Subject: Bug#594300: fixed in lynx-cur 2.8.8dev.5-1
Date: Thu, 26 Aug 2010 07:32:10 +0000
Source: lynx-cur
Source-Version: 2.8.8dev.5-1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive:

lynx-cur-wrapper_2.8.8dev.5-1_all.deb
  to main/l/lynx-cur/lynx-cur-wrapper_2.8.8dev.5-1_all.deb
lynx-cur_2.8.8dev.5-1.diff.gz
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5-1.diff.gz
lynx-cur_2.8.8dev.5-1.dsc
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5-1.dsc
lynx-cur_2.8.8dev.5-1_i386.deb
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5-1_i386.deb
lynx-cur_2.8.8dev.5.orig.tar.gz
  to main/l/lynx-cur/lynx-cur_2.8.8dev.5.orig.tar.gz
lynx_2.8.8dev.5-1_all.deb
  to main/l/lynx-cur/lynx_2.8.8dev.5-1_all.deb
A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594300@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito KOHDA <kohda@debian.org> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 26 Aug 2010 09:50:33 +0900
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all i386
Version: 2.8.8dev.5-1
Distribution: unstable
Urgency: high
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Atsuhito KOHDA <kohda@debian.org>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 489360 490265 575922 592718 594300
Changes: 
 lynx-cur (2.8.8dev.5-1) unstable; urgency=high
 .
   * New upstream release.  This should fix a security bug so urgency=high.
   * Fixed a security bug, CVE-2010-2810  (Closes: #594300)
   * A fix for #592078 with patch-3 is not necessary so removed it.
   * Some bugs forgotten to be closed.
    - unable to reproduce. (Closes: #575922)
    - a problem of gnutls. (Closes: #592718)
    - if necessary, please reopen. (Closes: #490265)
    - only a report of a patch for 2.8.7dev9-1.1 (Closes: #489360)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 03 Oct 2010 07:30:46 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:20:56 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.