[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#845263: marked as done (jessie-pu: package w3m/0.5.3-19+deb8u1)

Your message dated Sat, 14 Jan 2017 12:37:03 +0000
with message-id <1484397423.1091.25.camel@adam-barratt.org.uk>
and subject line Closing requests included in today's point release
has caused the Debian Bug report #845263,
regarding jessie-pu: package w3m/0.5.3-19+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
845263: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845263
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi, the release team,

I'd like to update package w3m in jessie to fix multiple security
flaws, CVE ID assigned issues and similar issues, managed as no DSA.

cf. https://security-tracker.debian.org/tracker/source-package/w3m
    http://www.openwall.com/lists/oss-security/2016/11/18/3

See this changelog and the attached debdiff.

w3m (0.5.3-19+deb8u1) jessie; urgency=medium

  * New patch 901_ucsmap.patch to fix array index (closes: #820162)
  * New patch 902_johab1.patch to fix array index (closes: #820373)
  * New patch 903_input-type.patch to fix null deref [CVE-2016-9430]
  * New patch 904_form-update.patch to fix overflow
    [CVE-2016-9423] [CVE-2016-9431]
  * New patch 905_textarea.patch to fix heap write [CVE-2016-9424]
  * New patch 906_form-update.patch to fix bcopy size [CVE-2016-9432]
  * New patch 907_iso2022.patch to fix array index [CVE-2016-9433]
  * New patch 908_forms.patch to fix null deref [CVE-2016-9434]
  * New patch 909_button-type.patch to fix rodata write [CVE-2016-9437]
  * New patch 910_input-alt.patch to fix null deref [CVE-2016-9438]
  * New patch 911_rowcolspan.patch to fix stack smashing [CVE-2016-9422]
  * New patch 912_i-dd.patch to fix uninit values
    [CVE-2016-9435] [CVE-2016-9436]
  * New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426]
  * New patch 914_curline.patch to fix near-null deref [CVE-2016-9440]
  * New patch 915_table-alt.patch to fix near-null deref [CVE-2016-9441]
  * New patch 916_anchor.patch to fix heap write
    [CVE-2016-9425] [CVE-2016-9428]
  * New patch 917_strgrow.patch to fix potential heap buffer corruption
    [CVE-2016-9442]
  * New patch 918_form-value.patch to fix null deref [CVE-2016-9443]
  * New patch 919_form-update.patch to fix buffer overflow [CVE-2016-9429]
  * New patch 920_table.patch to fix stack overflow [CVE-2016-9439]
    (closes: #844726)
  * New patch 921_cotable.patch to fix null deref
  * New patch 922_lineproc.patch to fix null deref
  * New patch 923_tagproc.patch to fix negative size allocation
  * New patch 924_curline.patch to fix near-null deref
  * New patch 925_lineproc.patch to fix stack overflow
  * New patch 926_indent-level.patch to fix stack overflow
  * New patch 927_symbol.patch to fix array index
  * New patch 928_form-id.patch to fix null deref
  * New patch 929_anchor.patch to fix null deref
  * New patch 930_tbl-mode.patch to fix null deref
  * New patch 931_parse-url.patch to fix global-buffer-overflow
  * New patch 932_ucsmap.patch to fix global-buffer-overflow

 -- Tatsuya Kinoshita <tats@debian.org>  Tue, 22 Nov 2016 00:34:52 +0900

Please let me know if I can upload it.

Thanks,
--
Tatsuya Kinoshita

Attachment: w3m.debdiff
Description: Binary data

Attachment: pgpUpdonR6GFt.pgp
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Version: 8.7

Hi,

Each of these bugs refers to an update that was included in today's 8.7
point release.

Regards,

Adam

--- End Message ---
Reply to: