Menu
▾
▴
#73 multiple vulnerabilities [CVE-2016-9422], [CVE-2016-9423], etc.
Recently, multiple security flaws, CVE ID assigned issues and similar
issues, have been fixed in Debian's w3m, though the Debian security
team manages the issues as minor, no DSA (Debian Security Advisory).
- fix multiple flaws with malformed text
[CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
[CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
[CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
[CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
[CVE-2016-9439], [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443] - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
cf. https://security-tracker.debian.org/tracker/source-package/w3m
http://www.openwall.com/lists/oss-security/2016/11/18/3
The patched snapshot tagged as v0.5.3+git20161120 is available
from:
CVE IDs added:
[CVE-2016-9621], [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624],
[CVE-2016-9625], [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628],
[CVE-2016-9629], [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632],
[CVE-2016-9633]
fixed in v0.5.3+git20161120, debian/0.5.3-33.
cf. https://security-tracker.debian.org/tracker/source-package/w3m
http://www.openwall.com/lists/oss-security/2016/11/24/1
Also, additional issues are fixed in v0.5.3+git20170102.
Recently, multiple security flaws have been fixed in Debian's w3m,
though the Debian security team manages the issues as minor/unimportant,
no DSA (Debian Security Advisory).
cf. https://security-tracker.debian.org/tracker/source-package/w3m
The patched snapshot release tagged as v0.5.3+git20180125 is
available from: