Add CVE IDs
cf. https://security-tracker.debian.org/tracker/source-package/w3m http://www.openwall.com/lists/oss-security/2016/11/24/1
26
ChangeLog
@@ -17,15 +17,15 @@
|
||||
|
||||
* libwc/ucs.c, libwc/ucs.map:
|
||||
Prevent global-buffer-overflow in wc_any_to_ucs().
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/43
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/43 [CVE-2016-9632]
|
||||
|
||||
2016-11-17 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
* url.c: Prevent global-buffer-overflow in parseURL().
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/41
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/41 [CVE-2016-9630]
|
||||
|
||||
* file.c: Prevent deref null pointer in HTMLlineproc0().
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/42
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/42 [CVE-2016-9631]
|
||||
|
||||
2016-11-15 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
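Review bot: The CVE tags in this hunk are written into existing dated entries (2016-11-17 is visible here), and the header (-17,15 +17,15) shows no line added, so ChangeLog itself gets no record that the identifiers were attached after the fact. Consider adding a dated entry at the top, for example `* ChangeLog, NEWS: Add CVE IDs.`, carrying the two references from the commit message, so a reader can tell when the issue-to-CVE mapping was made.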
@@ -42,16 +42,16 @@
|
||||
This reverts commit f393faf55975a94217df479e1bd06ee4403c6958.
|
||||
|
||||
* anchor.c: Prevent deref null pointer in shiftAnchorPosition().
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/40
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/40 [CVE-2016-9629]
|
||||
|
||||
2016-11-14 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
* file.c: Prevent null pointer deref due to bad form id.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/39
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/39 [CVE-2016-9628]
|
||||
|
||||
* display.c, file.c, fm.h, symbol.c:
|
||||
Prevent array index out of bounds for symbol.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/38
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/38 [CVE-2016-9627]
|
||||
|
||||
2016-11-13 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
@@ -69,12 +69,12 @@
|
||||
2016-11-09 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
* table.c: Check indent_level to prevent infinite recursion.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/37
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/37 [CVE-2016-9626]
|
||||
|
||||
2016-11-07 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
* file.c: Prevent infinite recursion in HTMLlineproc0.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/36
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/36 [CVE-2016-9625]
|
||||
|
||||
* NEWS, w3m-doc/install.html.in:
|
||||
Update documents for included w3mdict.cgi.
|
||||
@@ -90,16 +90,16 @@
|
||||
2016-11-07 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
* form.c: Prevent dereference near-null pointer in formUpdateBuffer.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/35
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/35 [CVE-2016-9624]
|
||||
|
||||
* file.c: Prevent crash after allocate string of negative size.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/33
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/33 [CVE-2016-9623]
|
||||
|
||||
* file.c: Prevent memory exhausted due to repeat appending "</table>".
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/23
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/23 [CVE-2016-9633]
|
||||
|
||||
* file.c: Prevent null pointer dereference in HTMLlineproc2body.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/32
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/32 [CVE-2016-9622]
|
||||
|
||||
2016-10-31 Tatsuya Kinoshita <tats@debian.org>
|
||||
|
||||
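Review bot: On the issues/23 entry (memory exhausted due to repeat appending "</table>") the tag is CVE-2016-9633, while the neighbouring entries in this hunk carry 9624, 9623 and 9622. It matches the last ID in the NEWS list, so it may well be intended, but it is worth confirming against the oss-security post cited in the commit message, since a transposed digit here would be hard to spot later.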
@@ -137,7 +137,7 @@
|
||||
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838952
|
||||
|
||||
* form.c: Prevent global-buffer-overflow write in formUpdateBuffer.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/29 [CVE-2016-9429]
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/29 [CVE-2016-9429] [CVE-2016-9621]
|
||||
|
||||
* form.c: Fix null pointer dereference in formUpdateBuffer.
|
||||
Bug-Debian: https://github.com/tats/w3m/issues/28 [CVE-2016-9443]
|
||||
|
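Review bot: The issues/29 entry now carries two identifiers, `[CVE-2016-9429] [CVE-2016-9621]`, for one described fix (global-buffer-overflow write in formUpdateBuffer), with nothing to say how they differ. A short parenthetical stating what distinguishes the second ID would help anyone mapping CVEs to this fix.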
9
NEWS
@@ -1,8 +1,15 @@
|
||||
Debian's w3m 0.5.3+gitYYYYMMDD
|
||||
|
||||
* bug fixes
|
||||
|
||||
Debian's w3m 0.5.3+git20161120
|
||||
|
||||
* bug fixes
|
||||
- fix multiple flaws with malformed text
|
||||
(stack overflow, buffer overflow, null deref, out of memory)
|
||||
[CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
|
||||
[CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
|
||||
[CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
|
||||
- fix stack overflow with nested table and textarea [CVE-2016-9439]
|
||||
- fix suspend (^Z) behavior
|
||||
|
||||
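Review bot: The "fix multiple flaws with malformed text" bullet lists twelve IDs, CVE-2016-9622 through CVE-2016-9633, against four flaw classes in one parenthesis, so NEWS alone does not say which ID is which kind of flaw. Either point readers to ChangeLog for the per-issue mapping or group the IDs by class, as the separate CVE-2016-9439 bullet already does for the nested table and textarea case.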
@@ -27,7 +34,7 @@ Debian's w3m 0.5.3+git20161031
|
||||
[CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
|
||||
[CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
|
||||
[CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
|
||||
[CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443]
|
||||
[CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
|
||||
- fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
|
||||
- disable SSLv2 and SSLv3 by default [CVE-2014-3566]
|
||||
- set ssl_verify_server to 1 by default
|
||||
|