Bug#850440: jessie-pu: package w3m/0.5.3-19+deb8u2

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 -moreinfo +confirmed

On Sun, 2017-01-29 at 07:12 +0900, Tatsuya Kinoshita wrote:
> On January 28, 2017 at 5:26PM +0000, adam (at adam-barratt.org.uk) wrote:
> >> w3m (0.5.3-19+deb8u2) jessie; urgency=medium
> >>
> >>   * Fix multiple vulnerabilities (closes: #850432)
> >
> > How soon {w,sh}ould we expect a request for +deb8u3 with another huge
> > pile of changes?
> 
> Currently, there is no plan.  Recently an infinite recursion issue
> was reported, but I'm in no hurry about it.  I'll consider to make
> +deb8u3 if more important issues are discovered.
> 
> FYI, recent multiple issues were reported by Kuang-che Wu with
> his fuzzing tools:
> 
>   - w3m fuzzing & issue reproduce
>     https://github.com/kcwu/fuzzing-w3m
> 
> At the version 0.5.3+git20161218, Kuang-che Wu says:
> <https://github.com/tats/w3m/commit/f33b7b2df0a125ae72b1d61d88e2c511f425b228#commitcomment-20225724>
> > FYI, current version looks good. My fuzzing session cannot find
> > anything interesting for several days.

Thanks. If you're still interested in doing this, please feel free to
upload.

Regards,

Adam