aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog32
-rw-r--r--NEWS20
-rw-r--r--menu.c2
3 files changed, 36 insertions, 18 deletions
diff --git a/ChangeLog b/ChangeLog
index 86fa1bf..2f222f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2016-11-20 Tatsuya Kinoshita <tats@debian.org>
+
+ * NEWS: Update NEWS.
+
2016-11-19 Tatsuya Kinoshita <tats@debian.org>
* NEWS: Update NEWS.
@@ -13,15 +17,15 @@
* libwc/ucs.c, libwc/ucs.map:
Prevent global-buffer-overflow in wc_any_to_ucs().
- Bug-Debian: https://github.com/tats/w3m/issues/43
+ Bug-Debian: https://github.com/tats/w3m/issues/43 [CVE-2016-9632]
2016-11-17 Tatsuya Kinoshita <tats@debian.org>
* url.c: Prevent global-buffer-overflow in parseURL().
- Bug-Debian: https://github.com/tats/w3m/issues/41
+ Bug-Debian: https://github.com/tats/w3m/issues/41 [CVE-2016-9630]
* file.c: Prevent deref null pointer in HTMLlineproc0().
- Bug-Debian: https://github.com/tats/w3m/issues/42
+ Bug-Debian: https://github.com/tats/w3m/issues/42 [CVE-2016-9631]
2016-11-15 Tatsuya Kinoshita <tats@debian.org>
@@ -38,16 +42,16 @@
This reverts commit f393faf55975a94217df479e1bd06ee4403c6958.
* anchor.c: Prevent deref null pointer in shiftAnchorPosition().
- Bug-Debian: https://github.com/tats/w3m/issues/40
+ Bug-Debian: https://github.com/tats/w3m/issues/40 [CVE-2016-9629]
2016-11-14 Tatsuya Kinoshita <tats@debian.org>
* file.c: Prevent null pointer deref due to bad form id.
- Bug-Debian: https://github.com/tats/w3m/issues/39
+ Bug-Debian: https://github.com/tats/w3m/issues/39 [CVE-2016-9628]
* display.c, file.c, fm.h, symbol.c:
Prevent array index out of bounds for symbol.
- Bug-Debian: https://github.com/tats/w3m/issues/38
+ Bug-Debian: https://github.com/tats/w3m/issues/38 [CVE-2016-9627]
2016-11-13 Tatsuya Kinoshita <tats@debian.org>
@@ -65,12 +69,12 @@
2016-11-09 Tatsuya Kinoshita <tats@debian.org>
* table.c: Check indent_level to prevent infinite recursion.
- Bug-Debian: https://github.com/tats/w3m/issues/37
+ Bug-Debian: https://github.com/tats/w3m/issues/37 [CVE-2016-9626]
2016-11-07 Tatsuya Kinoshita <tats@debian.org>
* file.c: Prevent infinite recursion in HTMLlineproc0.
- Bug-Debian: https://github.com/tats/w3m/issues/36
+ Bug-Debian: https://github.com/tats/w3m/issues/36 [CVE-2016-9625]
* NEWS, w3m-doc/install.html.in:
Update documents for included w3mdict.cgi.
@@ -86,16 +90,16 @@
2016-11-07 Tatsuya Kinoshita <tats@debian.org>
* form.c: Prevent dereference near-null pointer in formUpdateBuffer.
- Bug-Debian: https://github.com/tats/w3m/issues/35
+ Bug-Debian: https://github.com/tats/w3m/issues/35 [CVE-2016-9624]
* file.c: Prevent crash after allocate string of negative size.
- Bug-Debian: https://github.com/tats/w3m/issues/33
+ Bug-Debian: https://github.com/tats/w3m/issues/33 [CVE-2016-9623]
* file.c: Prevent memory exhausted due to repeat appending "</table>".
- Bug-Debian: https://github.com/tats/w3m/issues/23
+ Bug-Debian: https://github.com/tats/w3m/issues/23 [CVE-2016-9633]
* file.c: Prevent null pointer dereference in HTMLlineproc2body.
- Bug-Debian: https://github.com/tats/w3m/issues/32
+ Bug-Debian: https://github.com/tats/w3m/issues/32 [CVE-2016-9622]
2016-10-31 Tatsuya Kinoshita <tats@debian.org>
@@ -133,7 +137,7 @@
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838952
* form.c: Prevent global-buffer-overflow write in formUpdateBuffer.
- Bug-Debian: https://github.com/tats/w3m/issues/29 [CVE-2016-9429]
+ Bug-Debian: https://github.com/tats/w3m/issues/29 [CVE-2016-9429] [CVE-2016-9621]
* form.c: Fix null pointer dereference in formUpdateBuffer.
Bug-Debian: https://github.com/tats/w3m/issues/28 [CVE-2016-9443]
@@ -411,7 +415,7 @@
* doc-jp/MANUAL.html, doc/MANUAL.html, fm.h, main.c, rc.c:
Add extbrowser4, extbrowser5, ..., and extbrowser9.
e.g.
- - extbrowser8 url=%s && printf %s "$url" | xsel && printf %s "$url" | xsel -b
+ - extbrowser8 url=%s && printf %s "$url" | xsel && printf %s "$url" | xsel -b &
- extbrowser9 mpv %s &
cf. https://github.com/spcmd/w3m
diff --git a/NEWS b/NEWS
index d005cbc..ee32612 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,19 @@
-w3m X.X.X - YYYY-MM-DD
+Debian's w3m 0.5.3+gitYYYYMMDD
+
+* bug fixes
+
+Debian's w3m 0.5.3+git20161120
+
+* bug fixes
+ - fix multiple flaws with malformed text
+ (stack overflow, buffer overflow, null deref, out of memory)
+ [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
+ [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
+ [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
+ - fix stack overflow with nested table and textarea [CVE-2016-9439]
+ - fix suspend (^Z) behavior
+
+Debian's w3m 0.5.3+git20161031
* new features
- support OSC 5379 remote imaging and sixel graphics
@@ -19,7 +34,7 @@ w3m X.X.X - YYYY-MM-DD
[CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
[CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
[CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
- [CVE-2016-9439], [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443]
+ [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
- fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
- disable SSLv2 and SSLv3 by default [CVE-2014-3566]
- set ssl_verify_server to 1 by default
@@ -40,7 +55,6 @@ w3m X.X.X - YYYY-MM-DD
- fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
- fix parallel make failure
- fix incorrect ucs_ambwidth_map
- - fix suspend (^Z) behavior
- and many fixes
w3m 0.5.3 - 2011-01-15
diff --git a/menu.c b/menu.c
index 01acc31..b0c890d 100644
--- a/menu.c
+++ b/menu.c
@@ -1741,7 +1741,7 @@ initMenu(void)
FILE *mf;
MenuList *list;
- w3mMenuList = New_N(MenuList, 3);
+ w3mMenuList = New_N(MenuList, 4);
w3mMenuList[0].id = "Main";
w3mMenuList[0].menu = &MainMenu;
w3mMenuList[0].item = MainMenuItem;