I've NMUed w3m with attached diff.
Cheers,
Moritz
diff -aur w3m-0.5.1.orig/debian/changelog w3m-0.5.1/debian/changelog
--- w3m-0.5.1.orig/debian/changelog 2006-12-26 18:44:23.000000000 +0100
+++ w3m-0.5.1/debian/changelog 2006-12-26 18:51:48.000000000 +0100
@@ -1,3 +1,11 @@
+w3m (0.5.1-5.1) unstable; urgency=high
+
+ * NMU by the Security Team:
+ * Fix format string vulnerability in display of SSL certificates.
+ (No CVE ID yet) (Closes: #404564)
+
+ -- Moritz Muehlenhoff <[EMAIL PROTECTED]> Tue, 26 Dec 2006 18:49:26 +0100
+
w3m (0.5.1-5) unstable; urgency=low
* fix FTBFS on GNU/kFreeBSD (due to unsatisfied Build-Depends on libgpmg1-dev)
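Review bot: The new changelog entry still reads "(No CVE ID yet)" and does not say which file or call was changed. Once an ID is assigned it should be recorded in a follow-up entry, and naming file.c and the printf(prompt) call here would help anyone auditing the fix later. The "Only in w3m-0.5.1/debian: changelog~" line that follows also shows an editor backup file left in the patched tree, which should be cleaned up before the source package is built.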
Only in w3m-0.5.1/debian: changelog~
diff -aur w3m-0.5.1.orig/file.c w3m-0.5.1/file.c
--- w3m-0.5.1.orig/file.c 2006-12-26 18:44:23.000000000 +0100
+++ w3m-0.5.1/file.c 2006-12-26 18:49:18.000000000 +0100
@@ -7973,7 +7973,7 @@
ans = inputChar(prompt);
}
else {
- printf(prompt);
+ printf("%s", prompt);
fflush(stdout);
ans = Strfgets(stdin)->ptr;
}
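Review bot: The if branch directly above the changed line still passes the same prompt to inputChar(prompt), and the visible context does not show whether that path interprets % sequences in it, so it should be checked as part of this fix. For the else branch itself, no formatting is needed, so fputs(prompt, stdout) would avoid format parsing altogether and is a little harder to regress than printf("%s", prompt). A short comment on the changed line stating that prompt can contain certificate-derived text would explain why the literal format is required.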
Only in w3m-0.5.1: file.c~