Commit 01d41d49 authored by Tatsuya Kinoshita's avatar Tatsuya Kinoshita
parent 0ca159fb
...@@ -6,6 +6,8 @@ ...@@ -6,6 +6,8 @@
* config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: * config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c:
Make temporary directory safely when ~/.w3m is unwritable. Make temporary directory safely when ~/.w3m is unwritable.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888097
[CVE-2018-6198]
* rc.c: Suppress error messages when ~/.w3m is unwritable. * rc.c: Suppress error messages when ~/.w3m is unwritable.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871425 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871425
...@@ -16,7 +18,7 @@ ...@@ -16,7 +18,7 @@
Update config.* with autotools-dev 20171216.1. Update config.* with autotools-dev 20171216.1.
* table.c: Prevent negative indent value in feed_table_block_tag(). * table.c: Prevent negative indent value in feed_table_block_tag().
Bug-Debian: https://github.com/tats/w3m/issues/88 Bug-Debian: https://github.com/tats/w3m/issues/88 [CVE-2018-6196]
2018-01-06 Tatsuya Kinoshita <tats@debian.org> 2018-01-06 Tatsuya Kinoshita <tats@debian.org>
...@@ -39,7 +41,7 @@ ...@@ -39,7 +41,7 @@
2017-12-27 Tatsuya Kinoshita <tats@debian.org> 2017-12-27 Tatsuya Kinoshita <tats@debian.org>
* form.c: Prevent invalid columnPos() call in formUpdateBuffer(). * form.c: Prevent invalid columnPos() call in formUpdateBuffer().
Bug-Debian: https://github.com/tats/w3m/issues/89 Bug-Debian: https://github.com/tats/w3m/issues/89 [CVE-2018-6197]
* main.c: Typo fix in fusage(). * main.c: Typo fix in fusage().
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878106 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878106
......
Debian's w3m 0.5.3+git20180121 Debian's w3m 0.5.3+git20180125
* bug fixes * bug fixes
- fix stack overflow with malformed text - fix stack overflow with malformed text [CVE-2018-6196]
- fix null deref with malformed text - fix null deref with malformed text [CVE-2018-6197]
- make temporary directory safely when ~/.w3m is unwritable - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
- do not remove w3mdict.cgi when "make distclean" - do not remove w3mdict.cgi when "make distclean"
- do not turn a form's GET into POST - do not turn a form's GET into POST
- correct <base ...> parsing - correct <base ...> parsing
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment