Hello community, here is the log from the commit of package w3m for openSUSE:Factory checked in at 2018-01-30 15:36:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/w3m (Old) and /work/SRC/openSUSE:Factory/.w3m.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "w3m" Tue Jan 30 15:36:56 2018 rev:45 rq:569803 version:0.5.3+git20180125 Changes: -------- --- /work/SRC/openSUSE:Factory/w3m/w3m.changes 2016-12-02 16:36:58.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.w3m.new/w3m.changes 2018-01-30 15:37:21.222353227 +0100 @@ -1,0 +2,17 @@ +Thu Jan 25 10:26:25 UTC 2018 - thomas.bl...@suse.com + +- add git ChangeLog to /usr/share/doc/w3m/ + +- update to version 0.5.3+git20180125 + addressed security issue: + CVE-2018-6196: w3m: an infinite recursion flaw in HTMLlineproc0 + because the feed_table_block_tag function in table.c does not + prevent a negative indent value allows for (bsc#1077559) + CVE-2018-6197: w3m: NULL pointer dereference flaw in formUpdateBuffer + in form.c (bsc#1077568) + CVE-2018-6198: w3m: does not properly handle temporary files when + the ~/.w3m directory is unwritable, which allows a local attacker to + craft a symlink attack to overwrite arbitrary files (bsc#1077572) + other changes, bugfixes see: /usr/share/doc/w3m/ChangeLog + +------------------------------------------------------------------- Old: ---- w3m-0.5.3.git20161120.tar.xz New: ---- w3m-0.5.3+git20180125.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ w3m.spec ++++++ --- /var/tmp/diff_new_pack.ArXK56/_old 2018-01-30 15:37:21.862323348 +0100 +++ /var/tmp/diff_new_pack.ArXK56/_new 2018-01-30 15:37:21.866323161 +0100 @@ -1,7 +1,7 @@ # # spec file for package w3m # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: w3m Url: http://w3m.sourceforge.net/ -Version: 0.5.3.git20161120 +Version: 0.5.3+git20180125 Release: 0 Summary: A text-based WWW browser License: ISC @@ -124,6 +124,7 @@ /usr/bin/w3m /usr/bin/w3mman %doc doc/* +%doc ChangeLog %_mandir/de/man1/w3m* %_libdir/w3m %exclude %_libdir/w3m/w3mimgdisplay ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ArXK56/_old 2018-01-30 15:37:21.910321106 +0100 +++ /var/tmp/diff_new_pack.ArXK56/_new 2018-01-30 15:37:21.910321106 +0100 @@ -4,7 +4,7 @@ <param name="url">https://github.com/tblume/w3m.git</param> <param name="subdir"></param> <param name="filename">w3m</param> - <param name="version">0.5.3.git20161120</param> + <param name="version">0.5.3+git20180125</param> <param name="revision">master</param> </service> <service name="recompress" mode="disabled">
