Control: tags -1 + fixed-upstream

Hi,

On Mon, Sep 12, 2022 at 10:35:41PM +0200, Moritz Mühlenhoff wrote:
> Source: w3m
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for w3m.
>
> CVE-2022-38223[0]:
> | There is an out-of-bounds write in checkType located in etc.c in w3m
> | 0.5.3. It can be triggered by sending a crafted HTML file to the w3m
> | binary. It allows an attacker to cause Denial of Service or possibly
> | have unspecified other impact.
>
> https://github.com/tats/w3m/issues/242
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-38223
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38223
>
> Please adjust the affected versions in the BTS as needed.

Upstream has committed a fix as
https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa .

Regards,
Salvatore