-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2736-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 09, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : lynx Version : 2.8.9dev11-1+deb9u1 CVE ID : CVE-2021-38165 Debian Bug : #991971 It was discovered that there was a remote authentication credential leak in the "lynx" text-based web browser. The package now correctly handles authentication subcomponents in URIs (eg. https://user:[email protected]) to avoid remote attackers discovering cleartext credentials in SSL connection data. For Debian 9 "Stretch", this problem has been fixed in version 2.8.9dev11-1+deb9u1. We recommend that you upgrade your lynx packages. For the detailed security status of lynx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lynx Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmERSs4ACgkQHpU+J9Qx HlgucA//c7ki+LbLuP7LPja0/T1XRQjxPvAVvnHixMw+OY/r+FhuP3EsnGyooAVJ FDKQ8K3lynoOl15bedITEXfYZp3sg4l4mfOP3kF1OYaIow+ONuLjc2IhWNqUf6aD INZBav/Qlqkr5YA3Gn9xtoQyW12F4DkwsdnsoeT9d+O1XzOphMQi+3q5KurHTak8 7PRhbK5WchNfgTpiXA3u1cBUEJqdLh97kcDTTV6F+YNBJszYZSMqINXS9exdj1ud 51eRVHFsF4G8JDwZSf5+GQH6IGrc8usUPuH/YsDoaEhs8V5QSPP6R7TmPhHSSrOD p0VXWaVCYzw1PKHjgJhe2n04/T7Vywt/vt4JebJJ0P/o4BpZVbfb8QNeXtqbIaQ9 X/U9SrCd0N29reOk8b9G+VeEZhwe0zCBwTiZUFoTIV6LMXwLHPVYcY/1FXTnt5hu QX0MNm9k20heJ4YVFJmNi12mG5NE5vKEGOgplN3biiQEsofkIu4Hx5oXraGILN2e Nv1YLSKe1H12xzlJFExcGDbre1J4pssQjvyKPYVG8L9uYWX86vbTryVReeGMxq4j ROEjImDJBH1KtEoK9Bp36VjhD/AStzSii4kQ52LJ+CGrytO/Ft+rhxX3pzRyvpEY EfNSNzWKbWi4tNbkps6FawMUlVHXfQAxTURY3yJYozDVb/AXz8s= =ig9O -----END PGP SIGNATURE-----
