UbuntuUpdates.org

Package "w3m-img"

Name: w3m-img

Description:

inline image extension support utilities for w3m

Latest version: 0.5.3-5ubuntu1.3
Release: precise (12.04)
Level: updates
Repository: universe
Head package: w3m
Homepage: http://sourceforge.net/projects/w3m

Links


Download "w3m-img"


Other versions of "w3m-img" in Precise

Repository Area Version
base universe 0.5.3-5ubuntu1
security universe 0.5.3-5ubuntu1.3

Changelog

Version: 0.5.3-5ubuntu1.3 2021-05-03 16:06:23 UTC

  w3m (0.5.3-5ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Infinite recursion flaw in HTMLlineproc0
    - debian/patches/CVE-2018-6196.patch: prevent negative indent value
      in table.c.
    - CVE-2018-6196
  * SECURITY UPDATE: NULL pointer dereference flaw in formUpdateBuffer
    - debian/patches/CVE-2018-6197.patch: prevent invalid columnPos() call
      in form.c.
    - CVE-2018-6197
  * SECURITY UPDATE: does not properly handle temp files
    - debian/patches/CVE-218-6198.patch: make temp directory safely
      in config.h.dist, config.h.in, configure, configure.ac, main.c and rc.c.
    - CVE-2018-6198

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 30 Jan 2018 15:58:45 -0300

Source diff to previous version
CVE-2018-6196 w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a neg
CVE-2018-6197 w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
CVE-2018-6198 w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink

Version: 0.5.3-5ubuntu1.2 2017-03-02 17:07:13 UTC

  w3m (0.5.3-5ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: backport large quantity of security fixes from
      Debian's 0.5.3-19+deb8u1 release. Thanks to Tatsuya Kinoshita.
    - CVE-2016-9422, CVE-2016-9423, CVE-2016-9424, CVE-2016-9425,
      CVE-2016-9426, CVE-2016-9428, CVE-2016-9429, CVE-2016-9430,
      CVE-2016-9431, CVE-2016-9432, CVE-2016-9433, CVE-2016-9434,
      CVE-2016-9435, CVE-2016-9436, CVE-2016-9437, CVE-2016-9438,
      CVE-2016-9439, CVE-2016-9440, CVE-2016-9441, CVE-2016-9442,
      CVE-2016-9443, CVE-2016-9622, CVE-2016-9623, CVE-2016-9624,
      CVE-2016-9625, CVE-2016-9626, CVE-2016-9627, CVE-2016-9628,
      CVE-2016-9629, CVE-2016-9630, CVE-2016-9631, CVE-2016-9632,
      CVE-2016-9633

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2017 14:05:47 -0500

Source diff to previous version
CVE-2016-9422 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of
CVE-2016-9423 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denia
CVE-2016-9424 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows rem
CVE-2016-9425 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows
CVE-2016-9426 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows r
CVE-2016-9428 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows
CVE-2016-9429 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote atta
CVE-2016-9430 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9431 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9432 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruptio
CVE-2016-9433 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds ar
CVE-2016-9434 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9435 The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the a
CVE-2016-9436 parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted
CVE-2016-9437 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9438 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9439 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9440 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9441 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9442 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditio
CVE-2016-9443 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9622 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9623 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9624 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9625 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9626 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a
CVE-2016-9627 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer over
CVE-2016-9628 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9629 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9630 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer ov
CVE-2016-9631 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fau
CVE-2016-9632 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer ov
CVE-2016-9633 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop an

Version: 0.5.3-5ubuntu1.1 2013-09-27 12:07:31 UTC

  w3m (0.5.3-5ubuntu1.1) precise; urgency=low

  * Backport from Debian (Tatsuya Kinoshita):
    - Assume "text" if a form input type is unknown (closes: #615843,
      LP: #1193136).
 -- Colin Watson <email address hidden> Thu, 19 Sep 2013 10:22:30 +0100

1193136 launchpad login service doesn't render in w3m (\u003c= precise)
615843 w3m - Ignores input tags with invalid types - Debian Bug report logs



About   -   Send Feedback to @ubuntu_updates