From 1db054fee2d6dc00904228898af5ad363d7305cb Mon Sep 17 00:00:00 2001
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 1 May 2020 20:30:11 +0900
Subject: Update to 0.5.3-19+deb8u3 for jessie-security

---
 debian/patches/956_CVE-2018-6197_columnpos.patch | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 debian/patches/956_CVE-2018-6197_columnpos.patch

(limited to 'debian/patches/956_CVE-2018-6197_columnpos.patch')

diff --git a/debian/patches/956_CVE-2018-6197_columnpos.patch b/debian/patches/956_CVE-2018-6197_columnpos.patch
new file mode 100644
index 0000000..10e94e3
--- /dev/null
+++ b/debian/patches/956_CVE-2018-6197_columnpos.patch
@@ -0,0 +1,18 @@
+Subject: Prevent invalid columnPos() call in formUpdateBuffer()
+From: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/89 [CVE-2018-6197]
+Origin: https://salsa.debian.org/debian/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
+
+Index: w3m-0.5.3/form.c
+===================================================================
+--- w3m-0.5.3.orig/form.c	2020-04-29 13:52:58.629142811 +0200
++++ w3m-0.5.3/form.c	2020-04-29 13:52:58.621142209 +0200
+@@ -483,6 +483,8 @@
+ 	rows = form->rows ? form->rows : 1;
+ 	col = COLPOS(l, a->start.pos);
+ 	for (c_rows = 0; c_rows < rows; c_rows++, l = l->next) {
++	    if (l == NULL)
++		break;
+ 	    if (rows > 1) {
+ 		pos = columnPos(l, col);
+ 		a = retrieveAnchor(buf->formitem, l->linenumber, pos);
-- 
cgit v1.2.3