Package: w3m
Version: 0.5.3-19+deb8u1
Tags: patch security upstream

Additional security issues, such as buffer overflows, use-after-free and
infinite loops, have been discovered and fixed in v0.5.3+git20170102.

To fix these issues through a jessie point update, I'll prepare the
package w3m 0.5.3-19+deb8u2 soon.

cf.

  - fix menu buffer-overflow
    https://github.com/tats/w3m/pull/49

  - heap-buffer-overflow read in wtf_strwidth() and wtf_len()
    https://github.com/tats/w3m/issues/57

  - heap-buffer-overflow read in process_textarea()
    https://github.com/tats/w3m/issues/58

  - overflow beyond the end of string in caller of get_mclen()
    https://github.com/tats/w3m/issues/59
    https://github.com/tats/w3m/issues/73
    https://github.com/tats/w3m/issues/74
    https://github.com/tats/w3m/issues/75
    https://github.com/tats/w3m/issues/76
    https://github.com/tats/w3m/issues/78
    https://github.com/tats/w3m/issues/79
    https://github.com/tats/w3m/issues/80
    https://github.com/tats/w3m/issues/83
    https://github.com/tats/w3m/issues/84

  - heap-buffer-overflow read in feed_table_tag()
    https://github.com/tats/w3m/issues/60

  - heap-buffer-overflow write in HTMLlineproc2body()
    https://github.com/tats/w3m/issues/61

  - heap-buffer-overflow read in shiftAnchorPosition()
    https://github.com/tats/w3m/issues/62

  - heap-buffer-overflow read in getMetaRefreshParam()
    https://github.com/tats/w3m/issues/63

  - heap-buffer-overflow read in flushline()
    https://github.com/tats/w3m/issues/64
    https://github.com/tats/w3m/issues/66

  - heap-use-after-free in HTMLlineproc0()
    https://github.com/tats/w3m/issues/65

  - heap-buffer-overflow read in check_row()
    https://github.com/tats/w3m/issues/67

  - heap-buffer-overflow read in wtf_parse1() and wtf_parse()
    https://github.com/tats/w3m/issues/68

  - forgot to preserve one byte for end of string character in form_update_line()
    https://github.com/tats/w3m/issues/68#issuecomment-266214643

  - SEGV in calcPosition()
    https://github.com/tats/w3m/issues/69

  - heap-buffer-overflow in set_integered_width()
    https://github.com/tats/w3m/issues/70

  - heap-buffer-overflow write in feed_table_tag()
    https://github.com/tats/w3m/issues/71

  - heap-buffer-overflow in Strnew_size()
    https://github.com/tats/w3m/issues/72

  - heap-buffer-overflow read in wtf_is_hangul()
    https://github.com/tats/w3m/issues/77

  - heap-use-after-free read in HTMLlineproc0()
    https://github.com/tats/w3m/issues/81

  - heap-buffer-overflow write in form_update_line()
    https://github.com/tats/w3m/issues/82

  - infinite loop in feed_textarea()
    https://github.com/tats/w3m/issues/85

Thanks,
--
Tatsuya Kinoshita
