openSUSE has issued an advisory on December 2: https://lists.opensuse.org/opensuse-updates/2017-12/msg00007.html The SUSE bug has a link to the upstream commit that fixed the issue: https://bugzilla.suse.com/show_bug.cgi?id=1068885 Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for lynx
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Suggested advisory: ======================== The updated package fix a security vulnerability: Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. (CVE-2017-1000211) References: https://lists.opensuse.org/opensuse-updates/2017-12/msg00007.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000211 ======================== Updated packages in 5/core/updates_testing: ======================== lynx-2.8.8-1.rel2.3.2.mga5 from SRPMS: lynx-2.8.8-1.rel2.3.2.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== lynx-2.8.8-1.rel2.6.1.mga6 from SRPMS: lynx-2.8.8-1.rel2.6.1.mga6.src.rpm
Source RPM: lynx-2.8.8-1.rel2.8.mga7.src.rpm => lynx-2.8.8-1.rel2.6.mga6.src.rpmAssignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDWhiteboard: MGA6TOO, MGA5TOO => MGA5TOOVersion: Cauldron => 6
MGA5-32 on Dell Latitude D600 Xfce No installation issues. Used lynx to view our own www.mageia.org, looks OK.
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OKCC: (none) => herman.viaene
Updated this on Mageia 5 :: x86_64 Pointed lynx at a few sites like Mageia Bugzilla, exoplanet.eu and APOD (https://apod.nasa.gov/apod/astropix.html). "Clicking" on the introductory text launched an image viewer with today's picture. Clicking in this case involved down-arrow to select the field then Return to "click". / activates the text search option. Responding with "shadow" highlighted that word wherever it occurred in the page. Not sure how useful that is. It works.
CC: (none) => tarazed25Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA5-64-OK
Installed on Mageia 6 :: x86_64 Terminal-based interface working smoothly. Visited a few sites, traversed links, displayed images and PDFs and looked at files. No problems except with Youtube videos - always "unavailable". OK for 64 bits.
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0451.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED