diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 13:37:04 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:03:33 +0000 |
commit | 0e4b8461a50bf5cc51d11308f2b38774b09d33ab (patch) | |
tree | 280bda6120f8467ec67501848adbca18e76b14da /debian | |
parent | New patch 903_input-type.patch to fix null deref [CVE-2016-9430] (diff) | |
download | w3m-0e4b8461a50bf5cc51d11308f2b38774b09d33ab.tar.gz w3m-0e4b8461a50bf5cc51d11308f2b38774b09d33ab.zip |
New patch 904_form-update.patch to fix overflow
[CVE-2016-9423] [CVE-2016-9431]
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/904_form-update.patch | 19 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/904_form-update.patch b/debian/patches/904_form-update.patch new file mode 100644 index 0000000..00967a0 --- /dev/null +++ b/debian/patches/904_form-update.patch @@ -0,0 +1,19 @@ +Subject: Prevent segfault for formUpdateBuffer +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/9 [CVE-2016-9423] +Bug-Debian: https://github.com/tats/w3m/issues/10 [CVE-2016-9431] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=9f0bdcfdf061db3520bd1f112bdc5e83acdec4be + +diff --git a/form.c b/form.c +index 62b568e..87a5d49 100644 +--- a/form.c ++++ b/form.c +@@ -477,6 +477,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form) + spos = a->start.pos; + epos = a->end.pos; + } ++ if (a->start.line != a->end.line || spos > epos) ++ epos = spos; + pos = form_update_line(l, &p, spos, epos, COLPOS(l, epos) - col, + rows > 1, + form->type == FORM_INPUT_PASSWORD); diff --git a/debian/patches/series b/debian/patches/series index 7df5c12..778955c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -39,3 +39,4 @@ 901_ucsmap.patch 902_johab1.patch 903_input-type.patch +904_form-update.patch |