diff options
author | Thorsten Alteholz <debian@alteholz.de> | 2020-05-01 11:30:11 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2020-05-01 11:30:11 +0000 |
commit | 1db054fee2d6dc00904228898af5ad363d7305cb (patch) | |
tree | 675488be3c488e2370595b2120cb721e484d16b2 /debian/patches | |
parent | Debian release 0.5.3-19+deb8u2 (diff) | |
download | w3m-debian-jessie.tar.gz w3m-debian-jessie.zip |
Update to 0.5.3-19+deb8u3 for jessie-securitydebian/0.5.3-19+deb8u3debian-jessie
Diffstat (limited to '')
-rw-r--r-- | debian/patches/955_CVE-2018-6196_tbl-indent.patch | 24 | ||||
-rw-r--r-- | debian/patches/956_CVE-2018-6197_columnpos.patch | 18 | ||||
-rw-r--r-- | debian/patches/series | 3 |
3 files changed, 45 insertions, 0 deletions
diff --git a/debian/patches/955_CVE-2018-6196_tbl-indent.patch b/debian/patches/955_CVE-2018-6196_tbl-indent.patch new file mode 100644 index 0000000..279d2dd --- /dev/null +++ b/debian/patches/955_CVE-2018-6196_tbl-indent.patch @@ -0,0 +1,24 @@ +Subject: Prevent negative indent value in feed_table_block_tag() +From: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/88 [CVE-2018-6196] +Origin: https://salsa.debian.org/debian/w3m/commit/8354763b90490d4105695df52674d0fcef823e92 + +Index: w3m-0.5.3/table.c +=================================================================== +--- w3m-0.5.3.orig/table.c 2020-04-29 13:52:52.596689311 +0200 ++++ w3m-0.5.3/table.c 2020-04-29 13:52:52.592689010 +0200 +@@ -2357,10 +2357,14 @@ + if (mode->indent_level < MAX_INDENT_LEVEL) + tbl->indent -= INDENT_INCR; + } ++ if (tbl->indent < 0) ++ tbl->indent = 0; + offset = tbl->indent; + if (cmd == HTML_DT) { + if (mode->indent_level > 0 && mode->indent_level <= MAX_INDENT_LEVEL) + offset -= INDENT_INCR; ++ if (offset < 0) ++ offset = 0; + } + if (tbl->indent > 0) { + check_minimum0(tbl, 0); diff --git a/debian/patches/956_CVE-2018-6197_columnpos.patch b/debian/patches/956_CVE-2018-6197_columnpos.patch new file mode 100644 index 0000000..10e94e3 --- /dev/null +++ b/debian/patches/956_CVE-2018-6197_columnpos.patch @@ -0,0 +1,18 @@ +Subject: Prevent invalid columnPos() call in formUpdateBuffer() +From: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/89 [CVE-2018-6197] +Origin: https://salsa.debian.org/debian/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8 + +Index: w3m-0.5.3/form.c +=================================================================== +--- w3m-0.5.3.orig/form.c 2020-04-29 13:52:58.629142811 +0200 ++++ w3m-0.5.3/form.c 2020-04-29 13:52:58.621142209 +0200 +@@ -483,6 +483,8 @@ + rows = form->rows ? form->rows : 1; + col = COLPOS(l, a->start.pos); + for (c_rows = 0; c_rows < rows; c_rows++, l = l->next) { ++ if (l == NULL) ++ break; + if (rows > 1) { + pos = columnPos(l, col); + a = retrieveAnchor(buf->formitem, l->linenumber, pos); diff --git a/debian/patches/series b/debian/patches/series index 2deaeaf..bada3b7 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -90,3 +90,6 @@ 952_formupdatebuffer.patch 953_formupdateline.patch 954_wtfparse1.patch + +955_CVE-2018-6196_tbl-indent.patch +956_CVE-2018-6197_columnpos.patch |