From bugzilla at redhat.com Tue Nov 29 15:54:33 2016
Content-Type: multipart/mixed; boundary="===============0311882443248379608=="
MIME-Version: 1.0
From: Red Hat Bugzilla <bugzilla at redhat.com>
To: i18n-bugs at lists.fedoraproject.org
Subject: [Fedora-i18n-bugs] [Bug 1399740] New: CVE-2016-9633 w3m: Memory
 exhaustion due to repeatedly appending '<table>'
Date: Tue, 29 Nov 2016 15:53:56 +0000
Message-ID: <bug-1399740-269801@bugzilla.redhat.com>

--===============0311882443248379608==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

https://bugzilla.redhat.com/show_bug.cgi?id=3D1399740

            Bug ID: 1399740
           Summary: CVE-2016-9633 w3m: Memory exhaustion due to repeatedly
                    appending '<table>'
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team(a)redhat.com
          Reporter: anemec(a)redhat.com
                CC: eng-i18n-bugs(a)redhat.com,
                    i18n-bugs(a)lists.fedoraproject.org, pnemade(a)redhat.c=
om




A memory exhaustion will occur in w3m while parsing maliciously crafted inp=
ut.

Upstream bug:

https://github.com/tats/w3m/issues/23

Upstream fix:

https://github.com/tats/w3m/commit/216722ed7282cec4338b177ea9ffdd39ad1b8c8c

References:

http://seclists.org/oss-sec/2016/q4/488

-- =

You are receiving this mail because:
You are on the CC list for the bug.
--===============0311882443248379608==--