Your message dated Sat, 27 May 2017 12:34:01 +0000 with message-id <[email protected]> and subject line Bug#850432: fixed in w3m 0.5.3-19+deb8u2 has caused the Debian Bug report #850432, regarding w3m: multiple vulnerabilities to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 850432: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850432 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: w3m Version: 0.5.3-19+deb8u1 Tags: patch security upstream Additional security issues, such as buffer overflow, use after free, infinite loop, are discovered, and fixed in v0.5.3+git20170102. To fix these issues through a jessie point update, I'll prepare the package w3m 0.5.3-19+deb8u2 soon. cf. - fix menu buffer-overflow https://github.com/tats/w3m/pull/49 - heap-buffer-overflow read in wtf_strwidth() and wtf_len() https://github.com/tats/w3m/issues/57 - heap-buffer-overflow read in process_textarea() https://github.com/tats/w3m/issues/58 - overflow beyond the end of string in caller of get_mclen() https://github.com/tats/w3m/issues/59 https://github.com/tats/w3m/issues/73 https://github.com/tats/w3m/issues/74 https://github.com/tats/w3m/issues/75 https://github.com/tats/w3m/issues/76 https://github.com/tats/w3m/issues/78 https://github.com/tats/w3m/issues/79 https://github.com/tats/w3m/issues/80 https://github.com/tats/w3m/issues/83 https://github.com/tats/w3m/issues/84 - heap-buffer-overflow read in feed_table_tag() https://github.com/tats/w3m/issues/60 - heap-buffer-overflow write in HTMLlineproc2body() https://github.com/tats/w3m/issues/61 - heap-buffer-overflow read in shiftAnchorPosition() https://github.com/tats/w3m/issues/62 - heap-buffer-overflow read in getMetaRefreshParam() https://github.com/tats/w3m/issues/63 - heap-buffer-overflow read in flushline() https://github.com/tats/w3m/issues/64 https://github.com/tats/w3m/issues/66 - heap-use-after-free in HTMLlineproc0() https://github.com/tats/w3m/issues/65 - heap-buffer-overflow read in check_row() https://github.com/tats/w3m/issues/67 - heap-buffer-overflow read in wtf_parse1() and wtf_parse() https://github.com/tats/w3m/issues/68 - forgot to preserve one byte for end of string character in form_update_line() https://github.com/tats/w3m/issues/68#issuecomment-266214643 - SEGV in calcPosition() https://github.com/tats/w3m/issues/69 - heap-buffer-overflow in set_integered_width() https://github.com/tats/w3m/issues/70 - heap-buffer-overflow write in feed_table_tag() https://github.com/tats/w3m/issues/71 - heap-buffer-overflow in Strnew_size() https://github.com/tats/w3m/issues/72 - heap-buffer-overflow read in wtf_is_hangul() https://github.com/tats/w3m/issues/77 - heap-use-after-free read in HTMLlineproc0() https://github.com/tats/w3m/issues/81 - heap-buffer-overflow write in form_update_line() https://github.com/tats/w3m/issues/82 - infinite loop in feed_textarea() https://github.com/tats/w3m/issues/85 Thanks, -- Tatsuya Kinoshita
pgpZD1nSEbqP7.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: w3m Source-Version: 0.5.3-19+deb8u2 We believe that the bug you reported is fixed in the latest version of w3m, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tatsuya Kinoshita <[email protected]> (supplier of updated w3m package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 06 Jan 2017 23:21:55 +0900 Source: w3m Binary: w3m w3m-img Architecture: source amd64 Version: 0.5.3-19+deb8u2 Distribution: jessie Urgency: medium Maintainer: Tatsuya Kinoshita <[email protected]> Changed-By: Tatsuya Kinoshita <[email protected]> Description: w3m - WWW browsable pager with excellent tables/frames support w3m-img - inline image extension support utilities for w3m Closes: 850432 Changes: w3m (0.5.3-19+deb8u2) jessie; urgency=medium . * Fix multiple vulnerabilities (closes: #850432) - New patch 934_menu.patch to fix buffer overflow (tats/w3m#49) - New patch 935_shiftanchor.patch to fix buffer overflow (tats/w3m#62) - New patch 936_metarefresh.patch to fix buffer overflow (tats/w3m#63) - New patch 937_lineproc0.patch to fix buffer overflow (tats/w3m#67) - New patch 938_lineproc2body.patch to fix buffer overflow (tats/w3m#61) - New patch 939_textarea.patch to fix buffer overflow (tats/w3m#58) - New patch 940_tabattr.patch to fix buffer overflow (tats/w3m#60) - New patch 941_integeredwidth.patch to fix buffer overflow (tats/w3m#70) - New patch 942_tridvalue.patch to fix buffer overflow (tats/w3m#71) - New patch 943_pushlink.patch to fix buffer overflow (tats/w3m#64, #66) - New patch 944_lineproc0.patch to fix use after free (tats/w3m#65) - New patch 945_wtfstrwidth.patch to fix buffer overflow (tats/w3m#57) - New patch 946_strnewsize.patch to fix buffer overflow (tats/w3m#72) - New patch 947_realcolumn.patch to fix buffer overflow (tats/w3m#69) - New patch 948_getmclen.patch to fix buffer overflow (tats/w3m#59, #73, #74, #75, #76, #78, #79, #80, #83, #84) - New patch 949_wtftowcs.patch to fix buffer overflow (tats/w3m#77) - New patch 950_textarea.patch to fix infinite loop (tats/w3m#85) - New patch 951_lineproc0.patch to fix use after free (tats/w3m#81) - New patch 952_formupdatebuffer.patch to fix buffer overflow (tats/w3m#82) - New patch 953_formupdateline.patch to fix buffer overflow (tats/w3m#68#issuecomment-266214643) - New patch 954_wtfparse1.patch to fix buffer overflow (tats/w3m#68) Checksums-Sha1: d4d15f7a4bca83ee2b57ac6ec5770f1184d4eda7 2074 w3m_0.5.3-19+deb8u2.dsc 75e0f5bd1e6e6b0ef63de6b7003b90fbe20857c5 107480 w3m_0.5.3-19+deb8u2.debian.tar.xz c96177dc28583ef7f9b9afa9dd1e534a92654fc7 1005590 w3m_0.5.3-19+deb8u2_amd64.deb 9d26fdf38ce93c9f5e3cddc7dac393151db3b18e 119968 w3m-img_0.5.3-19+deb8u2_amd64.deb Checksums-Sha256: fa29b88fb8451d1afa80ac33cd98e2c8ecbddede6154b4a0a4d8ce52530d9b17 2074 w3m_0.5.3-19+deb8u2.dsc 69c3b53380316982ae0e64771da383bbb58950d879658bb78052d2666aeea3e8 107480 w3m_0.5.3-19+deb8u2.debian.tar.xz 7084a4e355dae7605598726ee91807a35ffa910d62b5c73d24db46be9a80a5ff 1005590 w3m_0.5.3-19+deb8u2_amd64.deb e41eb0877788146d465014de6d23ab6862f4cd252ac91ac3be731def69bbac34 119968 w3m-img_0.5.3-19+deb8u2_amd64.deb Files: 9f451e51484a0df6e5182e098fc2adae 2074 web standard w3m_0.5.3-19+deb8u2.dsc 470412d018743795a0f04fc0f4224470 107480 web standard w3m_0.5.3-19+deb8u2.debian.tar.xz 0aa93b4d079b7d9c79b2125069d639db 1005590 web standard w3m_0.5.3-19+deb8u2_amd64.deb 954b6d6e9995c2ba853d8970b1203543 119968 web optional w3m-img_0.5.3-19+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlkL+XEACgkQ5e+rkAgO pjzR6g//WZbZ0XXAioV4jPXXeQLmGDj61h/+cB5Pn/jyXESbbgdVhCoUvisqRpCD rbtvh6HVpuXy1P4QvwvZrOLdVSuvTW/TieGGRmvxzBT8KWgXIk8oCdThJ6YuWAN0 LQeqpk6CU+QBDuoRusiPnJSxe1z8BKgr9NwZWubRQWEl/bTPLpgegFTE0Q5SxCbT Lk/gY5XImbe1F7pW0LQ3M00OrjgD0qkRNn3qke0ylnkT2w9d/Rhvs7zMerU5j1YV xgw8e4pv6mS1uij8C5Bzs9d0r0VGOWQSAjrcYgv3L7gdL3BDtqKj3OtHFeYCfsYG 6NFz1zeUm/Tkat7FKSIi9sybiQPgpZxXPb05YYFTZ1Aq6hXGgTV2sJSkO9E7+kpE ZKcIute0niihYN5yE8wQ/NcYoEUCBECgDvwX7QU/xT2DJoVmphgb3BAAzUxke04w lKz+mM2TqcRXlp7zuXO9R4w76qPx+DKuHLn71H66XBRuWkxiQXe/CqDF3QzfPEIW gbINkQOWnmeZph8Numrok0BlgknQNciLRXT7a/HwgRFmgoOJD2UBOn9MXZ2DETPn 2cguVTLsG4+NnhLxUJe6qOySJw5JfBY457JG0Khco/pb1JpZhMAumdGd4nHXiwqh oxdFVYJdXbmn880h8mKhSgVTiAavWhCSaEKNiJiCLgIxhNU8HsU= =WxIo -----END PGP SIGNATURE-----
--- End Message ---

