LYNX-DEV security patches for lynx2.7.1 vulnerability wanted?


From: John Saroglou
Subject: LYNX-DEV security patches for lynx2.7.1 vulnerability wanted?
Date: Tue, 15 Jul 1997 16:00:15 -0400

Greetings...

Are there any patches that address the security issue as described in
CERT* Vendor-Initiated Bulletin VB-97.05 dated July 15, 1997 (see below)?

I'm wondering if such patches have been applied to the present/next
release of the lynx distribution.  If so, where can I grab a copy from?

Thanks in advance.


(            John Saroglou        E-Mail: address@hidden            )
(         CCS - Unix Support      Voice:  (416)736-5257             )
( -- The journey of thousand miles must begin with a single step -- )


=======================FORWARDED TEXT STARTS HERE============================
I. Description

Lynx typically stores persistent temporary files in /tmp on Un*x
systems.  The filenames Lynx chooses can be predicted, and another
user on the system may be able to exploit a race condition to replace
the temporary file with a symbolic link or with another file.

Installed versions of Lynx where a directory writeable by other users
(such as /tmp on a machine to which multiple users have access) is used
to store files during download are vulnerable.  This vulnerability can
only be exploited by a user with access to an account on the machine
running Lynx.
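
The temporary-file weakness the bulletin describes, shown beside two hardened ways of creating the file. This is an added example, not part of the original message and not Lynx's own code; the `L<pid>.tmp` name format, the function names and the scratch directory are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: guessable name (hypothetical format), no O_EXCL, so an existing
 * file or symlink at that path is silently reused and truncated. */
static int open_tmp_weak(const char *dir, long pid, char *p, size_t n)
{
    snprintf(p, n, "%s/L%ld.tmp", dir, pid);
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if
 * anything, including a symlink, is already at that path. */
static int open_tmp_excl(const char *dir, long pid, char *p, size_t n)
{
    snprintf(p, n, "%s/L%ld.tmp", dir, pid);
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: a symlink already sits
 * at the guessable name. Bit 0: weak open truncated the link target.
 * Bit 1: O_EXCL open refused. Bit 2: mkstemp() made a fresh regular file. */
int tmpfile_demo(void)
{
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], p[64], q[64];
    struct stat st;
    int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(p, sizeof p, "%s/L1234.tmp", dir);
    snprintf(q, sizeof q, "%s/lynxXXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4 || close(fd) || symlink(target, p)) return -1;

    fd = open_tmp_excl(dir, 1234, p, sizeof p);
    if (fd < 0 && errno == EEXIST) r |= 2;
    fd = open_tmp_weak(dir, 1234, p, sizeof p);
    if (fd >= 0 && !close(fd) && !stat(target, &st) && st.st_size == 0) r |= 1;
    fd = mkstemp(q);                 /* random name, created with O_EXCL */
    if (fd >= 0 && !close(fd) && !lstat(q, &st) && S_ISREG(st.st_mode)) r |= 4;

    unlink(q); unlink(p); unlink(target); rmdir(dir);
    return r;
}
int main(void) { printf("result bits: %d\n", tmpfile_demo()); return 0; }
```

All three bits set means the weak open wrote through the pre-existing link while both hardened forms avoided it; keeping temporary files in a directory that only the user can write to removes the race altogether.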
