-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-3fc66f8bf3 2024-03-27 01:25:46.424178 -------------------------------------------------------------------------------- Name : w3m Product : Fedora 39 Version : 0.5.3 Release : 63.git20230121.fc39 URL : http://w3m.sourceforge.net/ Summary : Pager with Web browsing abilities Description : The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from the header; if the Content-Type field of the document is text/html, the document is displayed as an HTML document; you can change a URL description like 'http://hogege.net' in plain text into a link to that URL. If you want to display the inline images on w3m, you need to install w3m-img package as well. -------------------------------------------------------------------------------- Update Information: Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.5.3-63.git20230121 - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207) * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.3-62.git20230121 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c https://bugzilla.redhat.com/show_bug.cgi?id=2222775 [ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c https://bugzilla.redhat.com/show_bug.cgi?id=2222779 [ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223) https://bugzilla.redhat.com/show_bug.cgi?id=2255207 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3fc66f8bf3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
