Your message dated Mon, 21 Nov 2016 12:34:08 +0000
with message-id <[email protected]>
and subject line Bug#844726: fixed in w3m 0.5.3-33
has caused the Debian Bug report #844726,
regarding w3m: CVE-2016-9439: stack overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
844726: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844726
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: w3m
Version: 0.5.3-8
Severity: normal
Tags: security upstream patch
Forwarded: https://github.com/tats/w3m/issues/20
Hi,
the following vulnerability was published for w3m, I'm aware that this
is as well already fixed in the upstream git master. This bug is just
to track the issue since unfixed in 0.5.3-30 so that we can record it
as fixed once enters unstable.
CVE-2016-9439[0]:
stack overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9439
Regards and thanks for your work!
Salvatore
p.s.: all of the recently posted issues which got CVEs, seem to not
warrant a DSA, but can be fixed via a point release. We have
marked them already as such in the security-tracker.
--- End Message ---
--- Begin Message ---
Source: w3m
Source-Version: 0.5.3-33
We believe that the bug you reported is fixed in the latest version of
w3m, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tatsuya Kinoshita <[email protected]> (supplier of updated w3m package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 21 Nov 2016 21:08:37 +0900
Source: w3m
Binary: w3m w3m-img
Architecture: source amd64
Version: 0.5.3-33
Distribution: unstable
Urgency: medium
Maintainer: Tatsuya Kinoshita <[email protected]>
Changed-By: Tatsuya Kinoshita <[email protected]>
Description:
w3m - WWW browsable pager with excellent tables/frames support
w3m-img - inline image extension support utilities for w3m
Closes: 844726
Changes:
w3m (0.5.3-33) unstable; urgency=medium
.
* Update 020_debian.patch to v0.5.3+git20161120
- Prevent stack overflow (closes: #844726) [CVE-2016-9439]
* Update w3mconfig to use xsel as background
Checksums-Sha1:
462fda3961d7446e375ea1d88918011ffc3ad5e2 2040 w3m_0.5.3-33.dsc
8c58af62735011f6d220a974e5418e0d52888fba 183952 w3m_0.5.3-33.debian.tar.xz
d48633ffd21ceb39ce58e01d1e03ed985ec365b6 805912 w3m-dbgsym_0.5.3-33_amd64.deb
56805abf5e47b338ee9d0b575b7d8e4b12e7589e 27068
w3m-img-dbgsym_0.5.3-33_amd64.deb
158f51b3710c7211aa76dd2f678b29867537b33b 128290 w3m-img_0.5.3-33_amd64.deb
07fec7d95a1346dbd9055d29b397e9c4aa5229cf 6653
w3m_0.5.3-33_20161121T121142z-1785b949.buildinfo
9b39f96380f11b691e871fc49ea8fd986ca38cf5 1030028 w3m_0.5.3-33_amd64.deb
Checksums-Sha256:
9a29fa1f37bb2fc88181dc333032344af12ab126b6195ea7fa2902a5d240cec6 2040
w3m_0.5.3-33.dsc
503c4761542e4650545986b5347ec6af1f77c8fc2e9d8c9a1ef516f4ccaa1948 183952
w3m_0.5.3-33.debian.tar.xz
e4740829f309828ea29435e6f3073233a53c5d57aa7f06b43799afb37ca404ba 805912
w3m-dbgsym_0.5.3-33_amd64.deb
63191cdeb567fce64c6c58ed53006ae8769e1eda6f8fda1e7aa8cdca196dea4f 27068
w3m-img-dbgsym_0.5.3-33_amd64.deb
2278b68d04ddbce3ec5f9aaff47f369229928c79cd5ef224630005b01a20059c 128290
w3m-img_0.5.3-33_amd64.deb
56895e23872d7144cd5262766a7120dcb98c1533bb5fb9711ad15f208a78d253 6653
w3m_0.5.3-33_20161121T121142z-1785b949.buildinfo
389eb62fb7b46664564c89e585bda2142e6ab41e4ddb12916481fba51256f3a3 1030028
w3m_0.5.3-33_amd64.deb
Files:
98085b1fc065bd6b71ccedf15276b923 2040 web optional w3m_0.5.3-33.dsc
5bc23e68fad560ddb2bc74ea5e6465e1 183952 web optional w3m_0.5.3-33.debian.tar.xz
940bd9eae45fd327d8ac8a0be6a96f31 805912 debug extra
w3m-dbgsym_0.5.3-33_amd64.deb
128b302ba3d474471278d254abe32496 27068 debug extra
w3m-img-dbgsym_0.5.3-33_amd64.deb
b4324a8953fe67f7c6ec10763b9d1fe7 128290 web optional w3m-img_0.5.3-33_amd64.deb
1785b949d128f4645f953e49604211f1 6653 web optional
w3m_0.5.3-33_20161121T121142z-1785b949.buildinfo
79a37f3b9fefc64b344b562bf0ae13cf 1030028 web optional w3m_0.5.3-33_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlgy5SgACgkQ5e+rkAgO
pjzvDA/9H+96oGm1VFOTCcpci8YnXYAYIkwFG/iPXl04a2RlUbzwubJCYwIxto4m
aE4NxRNm+dArH3FQPvcotosS23YjzediQPgSyiOT3xoHCqxX3Ycw+jA81x/sS9rF
ibgYtwMJ10ir9XuxHTgT8VWbX6+rhWVn8OJQPMc+WbyoC/rtY3c+hx2LaHC/WS5w
JkEtPkU8Vpw3G4/ICGQyeAxVGGcvs3jGKSsCCyAL/mycDJg5XjIlxnK8CVBAnwan
WHokmdxiyjllyznBOFb4nTwrNqeyTOK9GZE+OZjGPnQ+4KJsr0ujKP0y2ph1NKiy
HGpKJCJsDjXAGSMFVU/N3bLvq18XLPyYju/elldXRDJPeZAEZkr37DyG68TR9kjV
Nn8xnGzL5zC/WNEnYB0ZX9RZzhPVmMoh9bxbaItdUbu//lwUM16yuICP+383KLPk
go/gVRtuF8cMoWYC4t3RDTCMaCvIC1ZlPHaGubWrl2a+1qu7XOpPLQ0KFUWiwhSG
c+uMvBn8yaOXrHR4pKR/kWBitJ+ihpUarLBIWbV8Fq2yNVSaMCcdv1AqCHJAoD/F
moNeBBjuLhmV+P9hE8RVY4ox3XcXC256iSM/6yKjvTzwTC0yYl+e7iSxiLhTRLvN
c87eGnydUsmr1pxW0GoLWR21mMTxeo12OWmTx1dbGSDVwSlVVvA=
=zNgU
-----END PGP SIGNATURE-----
--- End Message ---
