[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

w3m: multiple vulnerabilities [CVE-2016-9422], [CVE-2016-9423], etc.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi, w3m folks,

Recently, multiple security flaws, CVE ID assigned issues and similar
issues, have been fixed in Debian's w3m, though the Debian security
team manages the issues as minor, no DSA (Debian Security Advisory).

  - fix multiple flaws with malformed text
    [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
    [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
    [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
    [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
    [CVE-2016-9439], [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443]
  - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]

cf. https://security-tracker.debian.org/tracker/source-package/w3m
    http://www.openwall.com/lists/oss-security/2016/11/18/3

The patched snapshot tagged as v0.5.3+git20161120 is available
from:

  - https://anonscm.debian.org/cgit/collab-maint/w3m.git
  - https://github.com/tats/w3m

Thanks,
- -- 
Tatsuya Kinoshita
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYM28WAAoJEOXvq5AIDqY8s9cP/0RbxNNv1pntK+Pj/TjGycGO
QE7TK887sbwu30hws+7C4BxNHX+XH5afjaP+6pzlVvAn5+Rrrj/fNXsKCp85QLnt
9BsxJkShsamUVdMJJXn3oAk+ml2KVeiZig85jVA7xwAlIDVPiIv4e+dG20mz9x4y
wahTuL4QYn2JNpsei7YBoj/Szl7luYc+v61imvw73odCB3qE/e4FU4A3j6DXAWZk
2mDCqzRiT5GD5KnBkZk6rupok/n/BHC4+F1j/PElnHchVGAIHrX+/R8aNN0yPw8M
oVCwXT0xY2DMz9oPUXlhx0X5987jwDfl1RwghJQUUYanFk+1YWonPsnR4WQHWqrx
6MD28O+6aYmFJetbEJ871IJwYNQcIHA4eMbJPHWhNkpGuX3e+kdmrrc/HXi75f/H
FVp+jQlIkxBTDiFfKnr3kPmJvkXErlgv2OB5/GLwm9oO28zwm03cIbvN/c7wP45y
QuT98+izSc5re+tfTrt8gOTdNDs+2tf2kP2s7omZOlW9Sv01hw71fOp3Ji/a7wre
oObaeIVSbLRhLXzUg/dCzwks2DQ3GDu6NNqGjNUeSgGnBa+mhGnvBKbz6io/cc/q
vsIRhsagxTJgnKAZjBrYsy/r7n44rKYYIUQAGxAnHGnITC2Bs2YJfQFLYDuOMZ0z
KrpXvDof8gBoR99IDQSL
=uDJX
-----END PGP SIGNATURE-----