FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

w3m - multiple vulnerabilities

Affected packages
ja-w3m < 0.5.3.20180125
ja-w3m-img < 0.5.3.20180125
w3m < 0.5.3.20180125
w3m-img < 0.5.3.20180125

Details

VuXML ID e72d5bf5-07a0-11e8-8248-0021ccb9e74d
Discovery 2018-01-25
Entry 2018-02-01
Modified 2018-02-03

Tatsuya Kinoshita reports:

CVE-2018-6196 * table.c: Prevent negative indent value in feed_table_block_tag().

CVE-2018-6197 * form.c: Prevent invalid columnPos() call in formUpdateBuffer().

CVE-2018-6198 * config.h.dist, config.h.in, configure, configure.ac, main.c, rc.c: Make temporary directory safely when ~/.w3m is unwritable.

References

CVE Name CVE-2018-6196
CVE Name CVE-2018-6197
CVE Name CVE-2018-6198
URL https://github.com/tats/w3m/commit/e773a0e089276f82c546447c0fd1e6c0f9156628