{"id":"MGASA-2017-0052","summary":"Updated lynx packages fix security vulnerability","details":"Lynx doesn't parse the authority component of the URL correctly when the\nhost name part ends with '?', and could instead be tricked into connecting\nto a different host. (CVE-2016-9179)\n","modified":"2026-04-16T06:22:39.377061655Z","published":"2017-02-20T13:00:19Z","upstream":["CVE-2016-9179"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0052.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19714"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2016/11/04/1"}],"affected":[{"package":{"name":"lynx","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/lynx?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.8-1.rel2.3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0052.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}