This version is NOT compatible with the older 1.0 series but since the
one port that uses the 1.0 series will be updated shortly this isn't much
of an issue.
ok todd@
--
SECURITY fix:
A cross-site scripting (XSS) vulnerability has been discovered for
all versions of MHonArc up to, and including, v2.5.13. A specially
crafted HTML mail message can introduce foreign scripting content
in archives, bypassing MHonArc's HTML script filtering.
brad@ ok
"Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> found another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag
in img alt attribute, so malicious frame html may deceive you to
access your local files, cookies and so on."
--
This version fixes a URL CRLF Injection Vulnerability:
A CRLF injection vulnerability has been reported for Links that
may allow an attacker to include extra HTTP headers when viewing
web pages.
If Links is called from the command line, carriage return and line
feed (CRLF) characters may be included in the specified URL.
These characters are not escaped when the input is used to construct
an HTTP request.
URL: http://online.securityfocus.com/bid/5499/discussion/
espie@ brad@ ok
--
Perl module that provides an extension to HTML::Template
which allows expressions in the template syntax.
From: Jim Geovedi <jim@corebsd.or.id>
brad@ ok
submitted by Dan Weeks <danimal@danimal.org>
Privoxy is a web proxy with advanced filtering capabilities for protecting
privacy, filtering web page content, managing cookies, controlling access,
and removing ads, banners, pop-ups and other obnoxious Internet junk.
Privoxy has a very flexible configuration and can be customized to suit
individual needs and tastes. Privoxy has application for both stand-alone
systems and multi-user networks.
naddy@ OK
SECURITY: This fixes a vulnerability where w3m fails to escape HTML
tags in frame contents, so malicious frame HTML can deceive you and
access your local files, cookies and so on.
Submitted by Peter Galbavy <peter.galbavy@knowtion.net>.
This module is made for CGI scripting. It decodes the parameters
passed to the CGI. It does nothing more, so it's much smaller and
loads more quickly than CGI.pm.