| Errata ID | 75 |
|---|---|
| Date | 2018-05-16 |
| Source package | w3m |
| Fixed in version | 0.5.3-34+deb9u1 |
| Description | This update addresses the following issues: * w3m is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. (CVE-2018-6196) * w3m is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. (CVE-2018-6197) * w3m does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. (CVE-2018-6198) |
| Additional notes | |
| CVE ID | CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 |
| UCS Bug number | #46623 |
