Re: LYNX-DEV new security bulletin drafts

[Jonathan Sergent]

Jim posted some changes to version 3 of the drafts.
 ] This sentence needs to be two sentences:
 ] 
 ] The FOTEMODS patches avoid any pre-existing filenames for new temporary
 ] files, thus skipping any symbolic link which may have been created with
 ] an upcoming temporary filename, and allows the administrator or user to
 ]                                ^- (These patches allow...)
 ] define TEMP_SPACE (or the LYNX_TEMP_SPACE environment variable) as
 ] "/tmp/$USER" (for example) for pre-existing directories that correspond
 ] to accounts' usernames and have protections/ACLs set for access only by
 ] the appropriate users.

Fixed, thanks.

 ] This is problematic:
 ] 
 ]   The next release of Lynx will eliminate this vulnerability, at
 ]   which time this bulletin will be updated.
 ] 
 ] Instead of promising a bulletin revision, advise readers to subscribe
 ] to *and read* the lynx-dev mailing list.

Done.

 ] Before saying this:
 ] 
 ]   General questions about Lynx installation and usage should be
 ]   sent to <address@hidden>.
 ] 
 ] Add:
 ] 
 ]   On-line help about Lynx is available using the 'h'elp key.  More help
 ] is available in the source distributions.  Should your questions not
 ] be answered by these means, ...

Did that, too.  Thanks.

See version 4 of both bulletins, same place as before.

Mail from here is really slow...


--jss.
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;