Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 05 Dec 2016 11:38:41 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 215070] security/vuxml: multiple security vulnerabilities in w3m
Message-ID:  <bug-215070-13@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215070

            Bug ID: 215070
           Summary: security/vuxml: multiple security vulnerabilities in
                    w3m
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam@FreeBSD.org
          Reporter: kcwu@csie.org
          Assignee: ports-secteam@FreeBSD.org
             Flags: maintainer-feedback?(ports-secteam@FreeBSD.org)

Created attachment 177687
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D177687&action=
=3Dedit
VuXML entry

There are many known security vulnerabilities in w3m and got CVEs assigned.
http://seclists.org/oss-sec/2016/q4/452
http://seclists.org/oss-sec/2016/q4/516

The original report is for debian's w3m (one active maintained fork of orig=
inal
w3m). FreeBSD's w3m should share all these vulnerabilities (I believe so, b=
ut I
didn't verify them individually).

Regarding to vuxml entry, I don't know how to write the version range thoug=
h.
Because currently only debian's fork (https://github.com/tats/w3m) is known
fixed these issues. The original w3m (sf.net/projects/w3m), which FreeBSD u=
ses,
is inactive for years.

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215070-13>