[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Preparation of Debian GNU/Linux 2.2r4



Hi,

At Sat, 13 Oct 2001 12:32:24 +0200,
Martin Schulze wrote:

> Accepted packages
> -----------------

> w3m         stable    0.1.10+0.1.11pre+kokb23-1  alpha, arm, i386, sparc
> w3m         stable    0.1.6-4                    powerpc
> w3m         updates   0.1.10+0.1.11pre+kokb23-4  alpha, arm, i386, powerpc, sparc
> 
> install w3m_0.1.10+0.1.11pre+kokb23-4_i386.changes
> install w3m_0.1.10+0.1.11pre+kokb23-4_security.changes
> 
> 	* [SECURITY FIX] backport fix of mime header buffer overflow
> 	  SNS Advisory No.32
> 	  w3m malformed MIME header Buffer Overflow Vulnerability
> 	  http://www.lac.co.jp/security/snsadv/32.html (Japanese)
> 	* dont install w3m.el in emacs dir because it wont work well.
> 	  closes: Bug#96385
> 
> 	It's an unknown security fix, but w3m fixed tend to be
> 	japanese only, so we can't handle them properly anyway...
> 	Even all architectures are in sync, wow.

This security advisory is already translated in English
http://www.lac.co.jp/security/english/snsadv_e/32_e.html

> Further investigation
> ---------------------

> w3m-ssl      updates   0.1.10+0.1.11pre+kokb23-4  i386
> 
> delay-install w3m-ssl_0.1.10+0.1.11pre+kokb23-4_i386.changes
> 
> 	Unknown security fix

Same security fix as above
 http://www.lac.co.jp/security/english/snsadv_e/32_e.html

w3m-ssl is simply ssl enabled version of w3m

> 	5/6 architectures missing

How can I help to sync all architecture?

Regards,
Fumitoshi UKAI



Reply to: