Sicherheit: Mehrere Probleme in w3m

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2024-38c2261ca0
2024-03-27 01:36:32.511401
-------------------------------------------------------------------------------
-

Name : w3m
Product : Fedora 38
Version : 0.5.3
Release : 63.git20230121.fc38
URL : http://w3m.sourceforge.net/
Summary : Pager with Web browsing abilities
Description :
The w3m program is a pager (or text file viewer) that can also be used
as a text-mode Web browser. W3m features include the following: when
reading an HTML document, you can follow links and view images using
an external image viewer; its internet message mode determines the
type of document from the header; if the Content-Type field of the
document is text/html, the document is displayed as an HTML document;
you can change a URL description like 'http://hogege.net' in plain
text into a link to that URL.
If you want to display the inline images on w3m, you need to install
w3m-img package as well.

-------------------------------------------------------------------------------
-
Update Information:

Added upstream patch to fix out-of-bounds access due to multiple backspaces to
address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Mar 18 2024 Robert Scheck <robert@fedoraproject.org> -
0.5.3-63.git20230121
- Added upstream patch to fix out-of-bounds access due to multiple backspaces
to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> -
0.5.3-62.git20230121
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> -
0.5.3-61.git20230121
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size()
at w3m/Str.c
https://bugzilla.redhat.com/show_bug.cgi?id=2222775
[ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in
growbuf_to_Str() at w3m/indep.c
https://bugzilla.redhat.com/show_bug.cgi?id=2222779
[ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function
checkType() in etc.c (incomplete fix for CVE-2022-38223)
https://bugzilla.redhat.com/show_bug.cgi?id=2255207
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-38c2261ca0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue