Your message dated Sat, 27 May 2017 12:34:01 +0000
with message-id <[email protected]>
and subject line Bug#850432: fixed in w3m 0.5.3-19+deb8u2
has caused the Debian Bug report #850432,
regarding w3m: multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
850432: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850432
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: w3m
Version: 0.5.3-19+deb8u1
Tags: patch security upstream

Additional security issues, such as buffer overflow, use after free,
infinite loop, are discovered, and fixed in v0.5.3+git20170102.

To fix these issues through a jessie point update, I'll prepare the
package w3m 0.5.3-19+deb8u2 soon.

cf.

  - fix menu buffer-overflow
    https://github.com/tats/w3m/pull/49

  - heap-buffer-overflow read in wtf_strwidth() and wtf_len()
    https://github.com/tats/w3m/issues/57

  - heap-buffer-overflow read in process_textarea()
    https://github.com/tats/w3m/issues/58

  - overflow beyond the end of string in caller of get_mclen()
    https://github.com/tats/w3m/issues/59
    https://github.com/tats/w3m/issues/73
    https://github.com/tats/w3m/issues/74
    https://github.com/tats/w3m/issues/75
    https://github.com/tats/w3m/issues/76
    https://github.com/tats/w3m/issues/78
    https://github.com/tats/w3m/issues/79
    https://github.com/tats/w3m/issues/80
    https://github.com/tats/w3m/issues/83
    https://github.com/tats/w3m/issues/84

  - heap-buffer-overflow read in feed_table_tag()
    https://github.com/tats/w3m/issues/60

  - heap-buffer-overflow write in HTMLlineproc2body()
    https://github.com/tats/w3m/issues/61

  - heap-buffer-overflow read in shiftAnchorPosition()
    https://github.com/tats/w3m/issues/62

  - heap-buffer-overflow read in getMetaRefreshParam()
    https://github.com/tats/w3m/issues/63

  - heap-buffer-overflow read in flushline()
    https://github.com/tats/w3m/issues/64
    https://github.com/tats/w3m/issues/66

  - heap-use-after-free in HTMLlineproc0()
    https://github.com/tats/w3m/issues/65

  - heap-buffer-overflow read in check_row()
    https://github.com/tats/w3m/issues/67

  - heap-buffer-overflow read in wtf_parse1() and wtf_parse()
    https://github.com/tats/w3m/issues/68

  - forgot to preserve one byte for end of string character in 
form_update_line()
    https://github.com/tats/w3m/issues/68#issuecomment-266214643

  - SEGV in calcPosition()
    https://github.com/tats/w3m/issues/69

  - heap-buffer-overflow in set_integered_width()
    https://github.com/tats/w3m/issues/70

  - heap-buffer-overflow write in feed_table_tag()
    https://github.com/tats/w3m/issues/71

  - heap-buffer-overflow in Strnew_size()
    https://github.com/tats/w3m/issues/72

  - heap-buffer-overflow read in wtf_is_hangul()
    https://github.com/tats/w3m/issues/77

  - heap-use-after-free read in HTMLlineproc0()
    https://github.com/tats/w3m/issues/81

  - heap-buffer-overflow write in form_update_line()
    https://github.com/tats/w3m/issues/82

  - infinite loop in feed_textarea()
    https://github.com/tats/w3m/issues/85

Thanks,
--
Tatsuya Kinoshita

Attachment: pgpZD1nSEbqP7.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: w3m
Source-Version: 0.5.3-19+deb8u2

We believe that the bug you reported is fixed in the latest version of
w3m, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tatsuya Kinoshita <[email protected]> (supplier of updated w3m package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 06 Jan 2017 23:21:55 +0900
Source: w3m
Binary: w3m w3m-img
Architecture: source amd64
Version: 0.5.3-19+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Tatsuya Kinoshita <[email protected]>
Changed-By: Tatsuya Kinoshita <[email protected]>
Description:
 w3m        - WWW browsable pager with excellent tables/frames support
 w3m-img    - inline image extension support utilities for w3m
Closes: 850432
Changes:
 w3m (0.5.3-19+deb8u2) jessie; urgency=medium
 .
   * Fix multiple vulnerabilities (closes: #850432)
     - New patch 934_menu.patch to fix buffer overflow (tats/w3m#49)
     - New patch 935_shiftanchor.patch to fix buffer overflow (tats/w3m#62)
     - New patch 936_metarefresh.patch to fix buffer overflow (tats/w3m#63)
     - New patch 937_lineproc0.patch to fix buffer overflow (tats/w3m#67)
     - New patch 938_lineproc2body.patch to fix buffer overflow (tats/w3m#61)
     - New patch 939_textarea.patch to fix buffer overflow (tats/w3m#58)
     - New patch 940_tabattr.patch to fix buffer overflow (tats/w3m#60)
     - New patch 941_integeredwidth.patch to fix buffer overflow (tats/w3m#70)
     - New patch 942_tridvalue.patch to fix buffer overflow (tats/w3m#71)
     - New patch 943_pushlink.patch to fix buffer overflow (tats/w3m#64, #66)
     - New patch 944_lineproc0.patch to fix use after free (tats/w3m#65)
     - New patch 945_wtfstrwidth.patch to fix buffer overflow (tats/w3m#57)
     - New patch 946_strnewsize.patch to fix buffer overflow (tats/w3m#72)
     - New patch 947_realcolumn.patch to fix buffer overflow (tats/w3m#69)
     - New patch 948_getmclen.patch to fix buffer overflow
       (tats/w3m#59, #73, #74, #75, #76, #78, #79, #80, #83, #84)
     - New patch 949_wtftowcs.patch to fix buffer overflow (tats/w3m#77)
     - New patch 950_textarea.patch to fix infinite loop (tats/w3m#85)
     - New patch 951_lineproc0.patch to fix use after free (tats/w3m#81)
     - New patch 952_formupdatebuffer.patch to fix buffer overflow (tats/w3m#82)
     - New patch 953_formupdateline.patch to fix buffer overflow
       (tats/w3m#68#issuecomment-266214643)
     - New patch 954_wtfparse1.patch to fix buffer overflow (tats/w3m#68)
Checksums-Sha1:
 d4d15f7a4bca83ee2b57ac6ec5770f1184d4eda7 2074 w3m_0.5.3-19+deb8u2.dsc
 75e0f5bd1e6e6b0ef63de6b7003b90fbe20857c5 107480 
w3m_0.5.3-19+deb8u2.debian.tar.xz
 c96177dc28583ef7f9b9afa9dd1e534a92654fc7 1005590 w3m_0.5.3-19+deb8u2_amd64.deb
 9d26fdf38ce93c9f5e3cddc7dac393151db3b18e 119968 
w3m-img_0.5.3-19+deb8u2_amd64.deb
Checksums-Sha256:
 fa29b88fb8451d1afa80ac33cd98e2c8ecbddede6154b4a0a4d8ce52530d9b17 2074 
w3m_0.5.3-19+deb8u2.dsc
 69c3b53380316982ae0e64771da383bbb58950d879658bb78052d2666aeea3e8 107480 
w3m_0.5.3-19+deb8u2.debian.tar.xz
 7084a4e355dae7605598726ee91807a35ffa910d62b5c73d24db46be9a80a5ff 1005590 
w3m_0.5.3-19+deb8u2_amd64.deb
 e41eb0877788146d465014de6d23ab6862f4cd252ac91ac3be731def69bbac34 119968 
w3m-img_0.5.3-19+deb8u2_amd64.deb
Files:
 9f451e51484a0df6e5182e098fc2adae 2074 web standard w3m_0.5.3-19+deb8u2.dsc
 470412d018743795a0f04fc0f4224470 107480 web standard 
w3m_0.5.3-19+deb8u2.debian.tar.xz
 0aa93b4d079b7d9c79b2125069d639db 1005590 web standard 
w3m_0.5.3-19+deb8u2_amd64.deb
 954b6d6e9995c2ba853d8970b1203543 119968 web optional 
w3m-img_0.5.3-19+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlkL+XEACgkQ5e+rkAgO
pjzR6g//WZbZ0XXAioV4jPXXeQLmGDj61h/+cB5Pn/jyXESbbgdVhCoUvisqRpCD
rbtvh6HVpuXy1P4QvwvZrOLdVSuvTW/TieGGRmvxzBT8KWgXIk8oCdThJ6YuWAN0
LQeqpk6CU+QBDuoRusiPnJSxe1z8BKgr9NwZWubRQWEl/bTPLpgegFTE0Q5SxCbT
Lk/gY5XImbe1F7pW0LQ3M00OrjgD0qkRNn3qke0ylnkT2w9d/Rhvs7zMerU5j1YV
xgw8e4pv6mS1uij8C5Bzs9d0r0VGOWQSAjrcYgv3L7gdL3BDtqKj3OtHFeYCfsYG
6NFz1zeUm/Tkat7FKSIi9sybiQPgpZxXPb05YYFTZ1Aq6hXGgTV2sJSkO9E7+kpE
ZKcIute0niihYN5yE8wQ/NcYoEUCBECgDvwX7QU/xT2DJoVmphgb3BAAzUxke04w
lKz+mM2TqcRXlp7zuXO9R4w76qPx+DKuHLn71H66XBRuWkxiQXe/CqDF3QzfPEIW
gbINkQOWnmeZph8Numrok0BlgknQNciLRXT7a/HwgRFmgoOJD2UBOn9MXZ2DETPn
2cguVTLsG4+NnhLxUJe6qOySJw5JfBY457JG0Khco/pb1JpZhMAumdGd4nHXiwqh
oxdFVYJdXbmn880h8mKhSgVTiAavWhCSaEKNiJiCLgIxhNU8HsU=
=WxIo
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to