[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

w3m: multiple vulnerabilities, CVE-2018-6196, CVE-2018-6197, CVE-2018-6198



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi, w3m folks,

Recently, multiple security flaws have been fixed in Debian's w3m,
though the Debian security team manages the issues as minor/unimportant,
no DSA (Debian Security Advisory).

  - Fix stack overflow with malformed text [CVE-2018-6196]
  - Fix null deref with malformed text [CVE-2018-6197]
  - Fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]

cf. https://security-tracker.debian.org/tracker/source-package/w3m

The patched snapshot release tagged as v0.5.3+git20180125 is
available from:

  - https://salsa.debian.org/debian/w3m (new)
  - https://anonscm.debian.org/cgit/collab-maint/w3m.git (will be closed)
  - https://github.com/tats/w3m

Thanks,
- -- 
Tatsuya Kinoshita
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlprA3oACgkQ5e+rkAgO
pjwbLBAAiKobpHPB+4jUpLvx9Ck10wBcK+mK4Qx63EZGso540x5IU90I8CWMtceA
sm2CezoZsYdQFS7JWABnvI2w3cqeuGhC69BlycXR+SIlsj/SZLra8k2ZVCcwE1YE
nG/rECbKU+J7rYRR6sKAtVbi3Apnhpis17DxFMXzUsIdrDkBzlri0z9xC37VMm7b
DhUUDQrJFHcvX6yMuAYMu/3Dzw20k8c7BitB+34Y7u/yhRzdUo/tp6vMhqn7zpGV
02kLwtCXFtlyRJ5j+QqvV3cfhLpZd0kdloCdsvIbH/ZzKeGZD+Ybi/kgrSMZIEs1
iuTzBw/EtX1Jss5UGHn823Eg3asLkcdWCsM0Bt7hVz3a9S2iJYArnu4jAKs3mqYW
PvTWSRvRrnTmFbbShO0u6Edr1eA31+p3LegTsOAZ2BW0xy8wRWtzJ6NTfp/Mzf6n
TKbwmc+M8JpNZ6lnlWdukvRoVtEFnA9MneqWjky9zVwZEsx41gJhTcXmohtFQuWh
n8wuxqHSWHEd3imLUyurNIq9jXTKST3aILGgmwCgtL63xA+E4cJzJq7nitA23Ey3
32GB2La4jwy0SDsA4WQpJZMGOocOmhEohhJ/XCAEmhJiJvydJmtvYTzGqN6nPr10
FWsoEe0iP4u3QJxFvWDwezeE1l9a2UtPlvWQXAVskGYDnx/kqdg=
=59vT
-----END PGP SIGNATURE-----