[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
w3m: multiple vulnerabilities, CVE-2018-6196, CVE-2018-6197, CVE-2018-6198
- From: Tatsuya Kinoshita <tats@xxxxxxxxxxxxxx>
- Date: Fri, 26 Jan 2018 19:31:26 +0900 (JST)
- X-ml-name: emacs-w3m
- X-mail-count: 12887
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi, w3m folks,
Recently, multiple security flaws have been fixed in Debian's w3m,
though the Debian security team manages the issues as minor/unimportant,
no DSA (Debian Security Advisory).
- Fix stack overflow with malformed text [CVE-2018-6196]
- Fix null deref with malformed text [CVE-2018-6197]
- Fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
cf. https://security-tracker.debian.org/tracker/source-package/w3m
The patched snapshot release tagged as v0.5.3+git20180125 is
available from:
- https://salsa.debian.org/debian/w3m (new)
- https://anonscm.debian.org/cgit/collab-maint/w3m.git (will be closed)
- https://github.com/tats/w3m
Thanks,
- --
Tatsuya Kinoshita
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlprA3oACgkQ5e+rkAgO
pjwbLBAAiKobpHPB+4jUpLvx9Ck10wBcK+mK4Qx63EZGso540x5IU90I8CWMtceA
sm2CezoZsYdQFS7JWABnvI2w3cqeuGhC69BlycXR+SIlsj/SZLra8k2ZVCcwE1YE
nG/rECbKU+J7rYRR6sKAtVbi3Apnhpis17DxFMXzUsIdrDkBzlri0z9xC37VMm7b
DhUUDQrJFHcvX6yMuAYMu/3Dzw20k8c7BitB+34Y7u/yhRzdUo/tp6vMhqn7zpGV
02kLwtCXFtlyRJ5j+QqvV3cfhLpZd0kdloCdsvIbH/ZzKeGZD+Ybi/kgrSMZIEs1
iuTzBw/EtX1Jss5UGHn823Eg3asLkcdWCsM0Bt7hVz3a9S2iJYArnu4jAKs3mqYW
PvTWSRvRrnTmFbbShO0u6Edr1eA31+p3LegTsOAZ2BW0xy8wRWtzJ6NTfp/Mzf6n
TKbwmc+M8JpNZ6lnlWdukvRoVtEFnA9MneqWjky9zVwZEsx41gJhTcXmohtFQuWh
n8wuxqHSWHEd3imLUyurNIq9jXTKST3aILGgmwCgtL63xA+E4cJzJq7nitA23Ey3
32GB2La4jwy0SDsA4WQpJZMGOocOmhEohhJ/XCAEmhJiJvydJmtvYTzGqN6nPr10
FWsoEe0iP4u3QJxFvWDwezeE1l9a2UtPlvWQXAVskGYDnx/kqdg=
=59vT
-----END PGP SIGNATURE-----