-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07 - - --------------------------------------------------------------------- PACKAGE : w3m SUMMARY : missing HTML quoting DATE : 2003-02-17 14:47 UTC EXPLOIT : remote - - --------------------------------------------------------------------- - From w3m release notes: "Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in img alt attribute, so malicious frame html may deceive you to access your local files, cookies and so on." SOLUTION It is recommended that all Gentoo Linux users who are running net-www/w3m upgrade to w3m-0.3.2.2 as follows: emerge sync emerge -u w3m emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+UPYbfT7nyhUpoZMRAsIBAJ9VXr80M0q44vB0C8FrtuzUrE65/gCgkcu9 Vf4VW9lnTPTDTSBwZnAmc1k= =8w3p -----END PGP SIGNATURE-----
