Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 2 Feb 2018 18:20:05 +0000 (UTC)
From:      Brad Davis <brd@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r460722 - head/security/vuxml
Message-ID:  <201802021820.w12IK51Z016623@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: brd
Date: Fri Feb  2 18:20:05 2018
New Revision: 460722
URL: https://svnweb.freebsd.org/changeset/ports/460722

Log:
  Document vulns in www/w3m.
  
  PR:		225611
  Submitted by:	D. Ebdrup <debdrup@gmail.com>

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Feb  2 18:08:56 2018	(r460721)
+++ head/security/vuxml/vuln.xml	Fri Feb  2 18:20:05 2018	(r460722)
@@ -58,6 +58,36 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="e72d5bf5-07a0-11e8-8248-0021ccb9e74d">
+    <topic>w3m - multiple vulnerabilities</topic>
+    <affects>
+      <package>
+       <name>w3m</name>
+       <range><lt>0.5.3.20180125</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+       <p>Tatsuya Kinoshita reports:</p>
+       <blockquote cite="https://github.com/tats/w3m/commit/01d41d49b273a8cc75b27c6ab42291b46004fc0c">;
+       <p>CVE-2018-6196 * table.c: Prevent negative indent value in feed_table_block_tag().</p>
+       <p>CVE-2018-6197 * form.c: Prevent invalid columnPos() call in formUpdateBuffer().</p>
+       <p>CVE-2018-6198 * config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when ~/.w3m is unwritable.</p>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://github.com/tats/w3m/commit/e773a0e089276f82c546447c0fd1e6c0f9156628</url>;
+       <cvename>CVE-2018-6196</cvename>
+       <cvename>CVE-2018-6196</cvename>
+       <cvename>CVE-2018-6196</cvename>
+    </references>
+    <dates>
+      <discovery>2018-01-25</discovery>
+      <entry>2018-02-01</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="103bf96a-6211-45ab-b567-1555ebb3a86a">
     <topic>firefox -- Arbitrary code execution through unsanitized browser UI</topic>
     <affects>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802021820.w12IK51Z016623>