w3m: CVE-2016-9439: stack overflow

Debian Bug report logs - #844726
w3m: CVE-2016-9439: stack overflow

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: w3m: CVE-2016-9439: stack overflow

Date: Fri, 18 Nov 2016 14:35:28 +0100

Source: w3m
Version: 0.5.3-8
Severity: normal
Tags: security upstream patch
Forwarded: https://github.com/tats/w3m/issues/20

Hi,

the following vulnerability was published for w3m, I'm aware that this
is as well already fixed in the upstream git master. This bug is just
to track the issue since unfixed in 0.5.3-30 so that we can record it
as fixed once enters unstable.

CVE-2016-9439[0]:
stack overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9439

Regards and thanks for your work!
Salvatore

p.s.: all of the recently posted issues which got CVEs, seem to not
      warrant a DSA, but can be fixed via a point release. We have
      marked them already as such in the security-tracker.

Message #10 received at 844726-close@bugs.debian.org (full text, mbox, reply):

From: Tatsuya Kinoshita <tats@debian.org>

To: 844726-close@bugs.debian.org

Subject: Bug#844726: fixed in w3m 0.5.3-33

Date: Mon, 21 Nov 2016 12:34:08 +0000

Source: w3m
Source-Version: 0.5.3-33

We believe that the bug you reported is fixed in the latest version of
w3m, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 844726@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tatsuya Kinoshita <tats@debian.org> (supplier of updated w3m package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 21 Nov 2016 21:08:37 +0900
Source: w3m
Binary: w3m w3m-img
Architecture: source amd64
Version: 0.5.3-33
Distribution: unstable
Urgency: medium
Maintainer: Tatsuya Kinoshita <tats@debian.org>
Changed-By: Tatsuya Kinoshita <tats@debian.org>
Description:
 w3m        - WWW browsable pager with excellent tables/frames support
 w3m-img    - inline image extension support utilities for w3m
Closes: 844726
Changes:
 w3m (0.5.3-33) unstable; urgency=medium
 .
   * Update 020_debian.patch to v0.5.3+git20161120
     - Prevent stack overflow (closes: #844726) [CVE-2016-9439]
   * Update w3mconfig to use xsel as background
Checksums-Sha1:
 462fda3961d7446e375ea1d88918011ffc3ad5e2 2040 w3m_0.5.3-33.dsc
 8c58af62735011f6d220a974e5418e0d52888fba 183952 w3m_0.5.3-33.debian.tar.xz
 d48633ffd21ceb39ce58e01d1e03ed985ec365b6 805912 w3m-dbgsym_0.5.3-33_amd64.deb
 56805abf5e47b338ee9d0b575b7d8e4b12e7589e 27068 w3m-img-dbgsym_0.5.3-33_amd64.deb
 158f51b3710c7211aa76dd2f678b29867537b33b 128290 w3m-img_0.5.3-33_amd64.deb
 07fec7d95a1346dbd9055d29b397e9c4aa5229cf 6653 w3m_0.5.3-33_20161121T121142z-1785b949.buildinfo
 9b39f96380f11b691e871fc49ea8fd986ca38cf5 1030028 w3m_0.5.3-33_amd64.deb
Checksums-Sha256:
 9a29fa1f37bb2fc88181dc333032344af12ab126b6195ea7fa2902a5d240cec6 2040 w3m_0.5.3-33.dsc
 503c4761542e4650545986b5347ec6af1f77c8fc2e9d8c9a1ef516f4ccaa1948 183952 w3m_0.5.3-33.debian.tar.xz
 e4740829f309828ea29435e6f3073233a53c5d57aa7f06b43799afb37ca404ba 805912 w3m-dbgsym_0.5.3-33_amd64.deb
 63191cdeb567fce64c6c58ed53006ae8769e1eda6f8fda1e7aa8cdca196dea4f 27068 w3m-img-dbgsym_0.5.3-33_amd64.deb
 2278b68d04ddbce3ec5f9aaff47f369229928c79cd5ef224630005b01a20059c 128290 w3m-img_0.5.3-33_amd64.deb
 56895e23872d7144cd5262766a7120dcb98c1533bb5fb9711ad15f208a78d253 6653 w3m_0.5.3-33_20161121T121142z-1785b949.buildinfo
 389eb62fb7b46664564c89e585bda2142e6ab41e4ddb12916481fba51256f3a3 1030028 w3m_0.5.3-33_amd64.deb
Files:
 98085b1fc065bd6b71ccedf15276b923 2040 web optional w3m_0.5.3-33.dsc
 5bc23e68fad560ddb2bc74ea5e6465e1 183952 web optional w3m_0.5.3-33.debian.tar.xz
 940bd9eae45fd327d8ac8a0be6a96f31 805912 debug extra w3m-dbgsym_0.5.3-33_amd64.deb
 128b302ba3d474471278d254abe32496 27068 debug extra w3m-img-dbgsym_0.5.3-33_amd64.deb
 b4324a8953fe67f7c6ec10763b9d1fe7 128290 web optional w3m-img_0.5.3-33_amd64.deb
 1785b949d128f4645f953e49604211f1 6653 web optional w3m_0.5.3-33_20161121T121142z-1785b949.buildinfo
 79a37f3b9fefc64b344b562bf0ae13cf 1030028 web optional w3m_0.5.3-33_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlgy5SgACgkQ5e+rkAgO
pjzvDA/9H+96oGm1VFOTCcpci8YnXYAYIkwFG/iPXl04a2RlUbzwubJCYwIxto4m
aE4NxRNm+dArH3FQPvcotosS23YjzediQPgSyiOT3xoHCqxX3Ycw+jA81x/sS9rF
ibgYtwMJ10ir9XuxHTgT8VWbX6+rhWVn8OJQPMc+WbyoC/rtY3c+hx2LaHC/WS5w
JkEtPkU8Vpw3G4/ICGQyeAxVGGcvs3jGKSsCCyAL/mycDJg5XjIlxnK8CVBAnwan
WHokmdxiyjllyznBOFb4nTwrNqeyTOK9GZE+OZjGPnQ+4KJsr0ujKP0y2ph4NKiy
HGpKJCJsDjXAGSMFVU/N3bLvq18XLPyYju/elldXRDJPeZAEZkr37DyG68TR9kjV
Nn8xnGzL5zC/WNEnYB0ZX9RZzhPVmMoh9bxbaItdUbu//lwUM16yuICP+383KLPk
go/gVRtuF8cMoWYC4t3RDTCMaCvIC1ZlPHaGubWrl2a+1qu7XOpPLQ0KFUWiwhSG
c+uMvBn8yaOXrHR4pKR/kWBitJ+ihpUarLBIWbV8Fq2yNVSaMCcdv1AqCHJAoD/F
moNeBBjuLhmV+P9hE8RVY4ox3XcXC256iSM/6yKjvTzwTC0yYl+e7iSxiLhTRLvN
c87eGnydUsmr1pxW0GoLWR21mMTxeo12OWmTx1dbGSDVwSlVVvA=
=zNgU
-----END PGP SIGNATURE-----

Message #15 received at 844726-close@bugs.debian.org (full text, mbox, reply):

From: Tatsuya Kinoshita <tats@debian.org>

To: 844726-close@bugs.debian.org

Subject: Bug#844726: fixed in w3m 0.5.3-19+deb8u1

Date: Sat, 24 Dec 2016 21:02:27 +0000

Source: w3m
Source-Version: 0.5.3-19+deb8u1

We believe that the bug you reported is fixed in the latest version of
w3m, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 844726@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tatsuya Kinoshita <tats@debian.org> (supplier of updated w3m package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 24 Nov 2016 19:49:18 +0900
Source: w3m
Binary: w3m w3m-img
Architecture: source amd64
Version: 0.5.3-19+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Tatsuya Kinoshita <tats@debian.org>
Changed-By: Tatsuya Kinoshita <tats@debian.org>
Description:
 w3m        - WWW browsable pager with excellent tables/frames support
 w3m-img    - inline image extension support utilities for w3m
Closes: 820162 820373 844726
Changes:
 w3m (0.5.3-19+deb8u1) jessie; urgency=medium
 .
   * New patch 901_ucsmap.patch to fix array index (closes: #820162)
   * New patch 902_johab1.patch to fix array index (closes: #820373)
   * New patch 903_input-type.patch to fix null deref [CVE-2016-9430]
   * New patch 904_form-update.patch to fix overflow
     [CVE-2016-9423] [CVE-2016-9431]
   * New patch 905_textarea.patch to fix heap write [CVE-2016-9424]
   * New patch 906_form-update.patch to fix bcopy size [CVE-2016-9432]
   * New patch 907_iso2022.patch to fix array index [CVE-2016-9433]
   * New patch 908_forms.patch to fix null deref [CVE-2016-9434]
   * New patch 909_button-type.patch to fix rodata write [CVE-2016-9437]
   * New patch 910_input-alt.patch to fix null deref [CVE-2016-9438]
   * New patch 911_rowcolspan.patch to fix stack smashing [CVE-2016-9422]
   * New patch 912_i-dd.patch to fix uninit values
     [CVE-2016-9435] [CVE-2016-9436]
   * New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426]
   * New patch 914_curline.patch to fix near-null deref [CVE-2016-9440]
   * New patch 915_table-alt.patch to fix near-null deref [CVE-2016-9441]
   * New patch 916_anchor.patch to fix heap write
     [CVE-2016-9425] [CVE-2016-9428]
   * New patch 917_strgrow.patch to fix potential heap buffer corruption
     [CVE-2016-9442]
   * New patch 918_form-value.patch to fix null deref [CVE-2016-9443]
   * New patch 919_form-update.patch to fix buffer overflow
     [CVE-2016-9429] [CVE-2016-9621]
   * New patch 920_table.patch to fix stack overflow [CVE-2016-9439]
     (closes: #844726)
   * New patch 921_cotable.patch to fix null deref
     (additional fix for #844726)
   * New patch 922_lineproc.patch to fix null deref [CVE-2016-9622]
   * New patch 923_tagproc.patch to fix null deref [CVE-2016-9623]
   * New patch 924_curline.patch to fix near-null deref [CVE-2016-9624]
   * New patch 925_lineproc.patch to fix stack overflow [CVE-2016-9625]
   * New patch 926_indent-level.patch to fix stack overflow [CVE-2016-9626]
   * New patch 927_symbol.patch to fix array index [CVE-2016-9627]
   * New patch 928_form-id.patch to fix null deref [CVE-2016-9628]
   * New patch 929_anchor.patch to fix null deref [CVE-2016-9629]
   * New patch 930_tbl-mode.patch to fix null deref [CVE-2016-9631]
   * New patch 931_parse-url.patch to fix buffer overflow [CVE-2016-9630]
   * New patch 932_ucsmap.patch to fix buffer overflow [CVE-2016-9632]
   * New patch 933_table-level.patch to fix out of memory [CVE-2016-9633]
Checksums-Sha1:
 6bb15dea070c42796a7c04d93d9970e27b1caea2 2074 w3m_0.5.3-19+deb8u1.dsc
 3f05a22dd45d5f23e8eeec3d5c9a5943f7cb766a 102744 w3m_0.5.3-19+deb8u1.debian.tar.xz
 8bd8410e40aac44f436be655fac545f193a0adfb 991950 w3m_0.5.3-19+deb8u1_amd64.deb
 a0a3987365a1f38d98a3d3969560375eb29fa091 119606 w3m-img_0.5.3-19+deb8u1_amd64.deb
Checksums-Sha256:
 a108a9c9dd410b3f0e8d1d5e2b259188a4d7290768b6e64bc2f635bc9c26ab41 2074 w3m_0.5.3-19+deb8u1.dsc
 8e419b56c4a3592074f35b785e77f83d55c96b9580ee1d1276076c0cefd93382 102744 w3m_0.5.3-19+deb8u1.debian.tar.xz
 9ba74d403f3549f3bb9f3eec2667c8284b821204c377e45c85bf805ccb278f11 991950 w3m_0.5.3-19+deb8u1_amd64.deb
 ae86359518bc1a0b542e4f58999eeefce85677b783c42672e72cb85733b430c8 119606 w3m-img_0.5.3-19+deb8u1_amd64.deb
Files:
 c1922ce8a64a4743ced11a2309fc0a05 2074 web standard w3m_0.5.3-19+deb8u1.dsc
 671b3bf50a60b8152919416317630af0 102744 web standard w3m_0.5.3-19+deb8u1.debian.tar.xz
 ea0309940a2bf6bbea5d715df6d629a0 991950 web standard w3m_0.5.3-19+deb8u1_amd64.deb
 17266a3930c72911e70b0d1edc467a84 119606 web optional w3m-img_0.5.3-19+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEAxxiPZTvHz7xexyE5e+rkAgOpjwFAlhWsCAACgkQ5e+rkAgO
pjxWOA/+P2d345rlycHVexOU9+LuFGZxSvOQN7QrtMBjo6UW7RInWdLJ8y5yutkC
JYQAvyJD4erimnic4WprSfv6Av6LL+HBp9SDkViXXthLfaxkvs+YcRfGqh0BSK++
VoyWjgmec2csddPi2WjBkWS/J1URLd2HUgQiPidyUk2+ugPlyt2AABBhPjQshZxH
AeFRzy/b1Odem5gkEN1Z2ioHaAAnGTFDTtf557S70bmo9ugGmECABPpHt2p1B3t4
UlQJpol9A+HEZiSE5/8+PYM6tk/vopHJPPsADaI8o2rfJAkY3EY5UZDFd53kwFKu
2d/WccMfVT2aByCUJB4aGoY0jwv0UeyQS1/6atsYbrlObh5wju3qClBjAfj8bSSM
SeVQzTxoF9gIm/igN71aejPaEkAEOZ5f668/+MvIEBq+9qYCgi2S2oszJfGRfCkb
queZ7fK8FYoXquU0btscab0yYb5nwmISh7SmcpHBYf4F/oDI0t2b05xTMEZTk1nf
Qm851sMlCgG0s+vxcOm9pxRzOToIBv7YhBTFz5+hPP5pB8qOb/91dOUQpauTmTJP
oIMP56SYBtBzUOsAoFrowAzF9fvdF/5l5KsUmuc67ycv5EXO9BQjARb5r8MGpma2
yw6CRPv1bNYDOxNcRI9U/kPejo/PfErjYloB3s8MOGLokXCJ+zs=
=MREH
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.