[SECURITY] [DLA 3541-1] w3m security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3541-1] w3m security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 24 Aug 2023 13:48:38 +0200
Message-id: <[🔎] 20230824114838.GA14028@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3541-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
August 24, 2023                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : w3m
Version        : 0.5.3-37+deb10u1
CVE ID         : CVE-2022-38223
Debian Bug     : 1019599

Han Zheng discovered an out-of-bounds write in w3m, a text based web
browser and pager. It can be triggered by sending a crafted HTML file
to the w3m binary. It allows an attacker to cause Denial of Service
(DoS) or possibly have unspecified other impact.

For Debian 10 buster, this problem has been fixed in version
0.5.3-37+deb10u1.

We recommend that you upgrade your w3m packages.

For the detailed security status of w3m please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/w3m

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmTnQzYACgkQDTl9HeUl
XjCWbQ/9FP5txMuSkIOUCrRVbtmz48c6REctn/AhK/X5vem5SnrqHv0fDdkQjLiU
COOIOY87ij1vBQ8f1yCBGBH+nCqXZLvm3xg5Uctr9E05/QcU0KCMDXdC81Jr4YAz
totfHZb5ReS2PioWf+A4c2r//7MzyIRvaHS6SjRH+Hs5ZQez7Y1i2t6Kc1G1gups
n859FPdHLrIYjsGe1G+2u4dRBUcv7yEJAjNraRr4rcJfHGurgi1dlC/L8HTkJ5+4
Iyje78MR0tNtrbq90kcilwOXmWzaJYycX/bGPeVq2lPxpSlgeLPjQJ1H3HZjwXKv
iQMe0cLM4aHPWd+BBJ6bxm8bQlwvbvMOx4At4IUJ3aLBDLgWOLJVKOSi0VxTu4+C
T6CaG03+XioeVbz3NQArB8Ncg8liBiV9rgGoSCIqwo/tYcsPMvXx2uel10n+AZIu
GqY8wKOLLSx2e9RsGLJYLV2/COc7ml1Lyvf4rg/fBYsv8yc5ZguN51dX7aPV5IcR
WCdwdlVvW8B0jBMDRYh3j7uP6WawyBQOEQPQq6K1Hdb37xkZdReRgMbhiY1liJO9
E6MK8BTS1GcXxfu2Tz+NuXLp7Q5+dDN+ztOCYAynch2dQ1njkEl4izPR67LGq1VS
Zho7EwKje6GhafTFadIsZ43fa9AjjRyvRDBp6d0TgIT70HGASXk=
=lwx1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3540-1] mediawiki security update
Next by Date: [SECURITY] [DLA 3542-1] unrar-nonfree security update
Previous by thread: [SECURITY] [DLA 3540-1] mediawiki security update
Next by thread: [SECURITY] [DLA 3542-1] unrar-nonfree security update
Index(es):
- Date
- Thread