openSUSE has issued an advisory on December 2:
The SUSE bug has a link to the upstream commit that fixed the issue:
Mageia 5 and Mageia 6 are also affected.
Assigning to all packagers collectively, since there is no registered maintainer for lynx
The updated package fix a security vulnerability:
Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. (CVE-2017-1000211)
Updated packages in 5/core/updates_testing:
Updated packages in 6/core/updates_testing:
MGA6TOO, MGA5TOO =>
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Used lynx to view our own www.mageia.org, looks OK.
Updated this on Mageia 5 :: x86_64
Pointed lynx at a few sites like Mageia Bugzilla, exoplanet.eu and APOD (https://apod.nasa.gov/apod/astropix.html). "Clicking" on the introductory text launched an image viewer with today's picture. Clicking in this case involved down-arrow to select the field then Return to "click". / activates the text search option. Responding with "shadow" highlighted that word wherever it occurred in the page. Not sure how useful that is.
MGA5TOO MGA5-32-OK =>
MGA5TOO MGA5-32-OK MGA5-64-OK
Installed on Mageia 6 :: x86_64
Terminal-based interface working smoothly. Visited a few sites, traversed links, displayed images and PDFs and looked at files. No problems except with Youtube videos - always "unavailable".
OK for 64 bits.
MGA5TOO MGA5-32-OK MGA5-64-OK =>
MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-64-OK
An update for this issue has been pushed to the Mageia Updates repository.