From 01d41d49b273a8cc75b27c6ab42291b46004fc0c Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Thu, 25 Jan 2018 18:23:40 +0900 Subject: Add CVE IDs cf. https://security-tracker.debian.org/tracker/source-package/w3m --- ChangeLog | 6 ++++-- NEWS | 8 ++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 65bd46e..8e29091 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ * config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when ~/.w3m is unwritable. + Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097 + [CVE-2018-6198] * rc.c: Suppress error messages when ~/.w3m is unwritable. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871425 @@ -16,7 +18,7 @@ Update config.* with autotools-dev 20171216.1. * table.c: Prevent negative indent value in feed_table_block_tag(). - Bug-Debian: https://github.com/tats/w3m/issues/88 + Bug-Debian: https://github.com/tats/w3m/issues/88 [CVE-2018-6196] 2018-01-06 Tatsuya Kinoshita @@ -39,7 +41,7 @@ 2017-12-27 Tatsuya Kinoshita * form.c: Prevent invalid columnPos() call in formUpdateBuffer(). - Bug-Debian: https://github.com/tats/w3m/issues/89 + Bug-Debian: https://github.com/tats/w3m/issues/89 [CVE-2018-6197] * main.c: Typo fix in fusage(). Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878106 diff --git a/NEWS b/NEWS index b05301b..4ed621a 100644 --- a/NEWS +++ b/NEWS @@ -1,9 +1,9 @@ -Debian's w3m 0.5.3+git20180121 +Debian's w3m 0.5.3+git20180125 * bug fixes - - fix stack overflow with malformed text - - fix null deref with malformed text - - make temporary directory safely when ~/.w3m is unwritable + - fix stack overflow with malformed text [CVE-2018-6196] + - fix null deref with malformed text [CVE-2018-6197] + - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198] - do not remove w3mdict.cgi when "make distclean" - do not turn a form's GET into POST - correct parsing -- cgit v1.2.3