View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-9179 severity moderate: SUSE including 2 source package names (lynx-2.8.6-145.1, lynx-2.9.0~dev.9-1.2), 2 product×package rows across 2 product lines (SUSE Linux Enterprise Software Development Kit 11 SP4, openSUSE Tumbleweed): Fixed 2.
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.