Bug#845263: jessie-pu: package w3m/0.5.3-19+deb8u1

Mon, 21 Nov 2016 13:51:42 -0800 

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi, the release team,

I'd like to update package w3m in jessie to fix multiple security
flaws, CVE ID assigned issues and similar issues, managed as no DSA.

cf. https://security-tracker.debian.org/tracker/source-package/w3m
    http://www.openwall.com/lists/oss-security/2016/11/18/3

See this changelog and the attached debdiff.

w3m (0.5.3-19+deb8u1) jessie; urgency=medium

  * New patch 901_ucsmap.patch to fix array index (closes: #820162)
  * New patch 902_johab1.patch to fix array index (closes: #820373)
  * New patch 903_input-type.patch to fix null deref [CVE-2016-9430]
  * New patch 904_form-update.patch to fix overflow
    [CVE-2016-9423] [CVE-2016-9431]
  * New patch 905_textarea.patch to fix heap write [CVE-2016-9424]
  * New patch 906_form-update.patch to fix bcopy size [CVE-2016-9432]
  * New patch 907_iso2022.patch to fix array index [CVE-2016-9433]
  * New patch 908_forms.patch to fix null deref [CVE-2016-9434]
  * New patch 909_button-type.patch to fix rodata write [CVE-2016-9437]
  * New patch 910_input-alt.patch to fix null deref [CVE-2016-9438]
  * New patch 911_rowcolspan.patch to fix stack smashing [CVE-2016-9422]
  * New patch 912_i-dd.patch to fix uninit values
    [CVE-2016-9435] [CVE-2016-9436]
  * New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426]
  * New patch 914_curline.patch to fix near-null deref [CVE-2016-9440]
  * New patch 915_table-alt.patch to fix near-null deref [CVE-2016-9441]
  * New patch 916_anchor.patch to fix heap write
    [CVE-2016-9425] [CVE-2016-9428]
  * New patch 917_strgrow.patch to fix potential heap buffer corruption
    [CVE-2016-9442]
  * New patch 918_form-value.patch to fix null deref [CVE-2016-9443]
  * New patch 919_form-update.patch to fix buffer overflow [CVE-2016-9429]
  * New patch 920_table.patch to fix stack overflow [CVE-2016-9439]
    (closes: #844726)
  * New patch 921_cotable.patch to fix null deref
  * New patch 922_lineproc.patch to fix null deref
  * New patch 923_tagproc.patch to fix negative size allocation
  * New patch 924_curline.patch to fix near-null deref
  * New patch 925_lineproc.patch to fix stack overflow
  * New patch 926_indent-level.patch to fix stack overflow
  * New patch 927_symbol.patch to fix array index
  * New patch 928_form-id.patch to fix null deref
  * New patch 929_anchor.patch to fix null deref
  * New patch 930_tbl-mode.patch to fix null deref
  * New patch 931_parse-url.patch to fix global-buffer-overflow
  * New patch 932_ucsmap.patch to fix global-buffer-overflow

 -- Tatsuya Kinoshita <t...@debian.org>  Tue, 22 Nov 2016 00:34:52 +0900

Please let me know if I can upload it.

Thanks,
--
Tatsuya Kinoshita

Attachment: w3m.debdiff
Description: Binary data

Attachment: pgpUJaf6PgbRa.pgp
Description: PGP signature

Reply via email to