Bug#845263: jessie-pu: package w3m/0.5.3-19+deb8u1

To: Tatsuya Kinoshita <tats@debian.org>, 845263@bugs.debian.org
Subject: Bug#845263: jessie-pu: package w3m/0.5.3-19+deb8u1
From: Julien Cristau <jcristau@debian.org>
Date: Sat, 17 Dec 2016 12:30:52 +0100
Message-id: <[🔎] 20161217113052.bkbssnd2haftckzk@betterave.cristau.org>
Reply-to: Julien Cristau <jcristau@debian.org>, 845263@bugs.debian.org
In-reply-to: <20161124.200347.1946626231984974409.tats%nobody@tats.iris.ne.jp>
References: <20161122.064021.1345348727498360543.tats%nobody@tats.iris.ne.jp> <20161124.200347.1946626231984974409.tats%nobody@tats.iris.ne.jp>

Control: tag -1 confirmed

On Thu, Nov 24, 2016 at 20:03:47 +0900, Tatsuya Kinoshita wrote:

> w3m (0.5.3-19+deb8u1) jessie; urgency=medium
> 
>   * New patch 901_ucsmap.patch to fix array index (closes: #820162)
>   * New patch 902_johab1.patch to fix array index (closes: #820373)
>   * New patch 903_input-type.patch to fix null deref [CVE-2016-9430]
>   * New patch 904_form-update.patch to fix overflow
>     [CVE-2016-9423] [CVE-2016-9431]
>   * New patch 905_textarea.patch to fix heap write [CVE-2016-9424]
>   * New patch 906_form-update.patch to fix bcopy size [CVE-2016-9432]
>   * New patch 907_iso2022.patch to fix array index [CVE-2016-9433]
>   * New patch 908_forms.patch to fix null deref [CVE-2016-9434]
>   * New patch 909_button-type.patch to fix rodata write [CVE-2016-9437]
>   * New patch 910_input-alt.patch to fix null deref [CVE-2016-9438]
>   * New patch 911_rowcolspan.patch to fix stack smashing [CVE-2016-9422]
>   * New patch 912_i-dd.patch to fix uninit values
>     [CVE-2016-9435] [CVE-2016-9436]
>   * New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426]
>   * New patch 914_curline.patch to fix near-null deref [CVE-2016-9440]
>   * New patch 915_table-alt.patch to fix near-null deref [CVE-2016-9441]
>   * New patch 916_anchor.patch to fix heap write
>     [CVE-2016-9425] [CVE-2016-9428]
>   * New patch 917_strgrow.patch to fix potential heap buffer corruption
>     [CVE-2016-9442]
>   * New patch 918_form-value.patch to fix null deref [CVE-2016-9443]
>   * New patch 919_form-update.patch to fix buffer overflow
>     [CVE-2016-9429] [CVE-2016-9621]
>   * New patch 920_table.patch to fix stack overflow [CVE-2016-9439]
>     (closes: #844726)
>   * New patch 921_cotable.patch to fix null deref
>     (additional fix for #844726)
>   * New patch 922_lineproc.patch to fix null deref [CVE-2016-9622]
>   * New patch 923_tagproc.patch to fix null deref [CVE-2016-9623]
>   * New patch 924_curline.patch to fix near-null deref [CVE-2016-9624]
>   * New patch 925_lineproc.patch to fix stack overflow [CVE-2016-9625]
>   * New patch 926_indent-level.patch to fix stack overflow [CVE-2016-9626]
>   * New patch 927_symbol.patch to fix array index [CVE-2016-9627]
>   * New patch 928_form-id.patch to fix null deref [CVE-2016-9628]
>   * New patch 929_anchor.patch to fix null deref [CVE-2016-9629]
>   * New patch 930_tbl-mode.patch to fix null deref [CVE-2016-9631]
>   * New patch 931_parse-url.patch to fix buffer overflow [CVE-2016-9630]
>   * New patch 932_ucsmap.patch to fix buffer overflow [CVE-2016-9632]
>   * New patch 933_table-level.patch to fix out of memory [CVE-2016-9633]
> 
>  -- Tatsuya Kinoshita <tats@debian.org>  Thu, 24 Nov 2016 19:49:18 +0900
> 
> Please let me know if I can upload it.
> 
Kind of looks like this is papering over code that was written for a
different era :/

Please go ahead.

Cheers,
Julien

Reply to:

Follow-Ups:
- Bug#845263: jessie-pu: package w3m/0.5.3-19+deb8u1
  - From: Tatsuya Kinoshita <tats@debian.org>

Prev by Date: Processed: Re: Bug#843701: jessie-pu: package boinc/7.4.23+dfsg-1
Next by Date: Processed: Re: Bug#845263: jessie-pu: package w3m/0.5.3-19+deb8u1
Previous by thread: Processed: Re: Bug#843701: jessie-pu: package boinc/7.4.23+dfsg-1
Next by thread: Processed: Re: Bug#845263: jessie-pu: package w3m/0.5.3-19+deb8u1
Index(es):
- Date
- Thread