https://bugzilla.redhat.com/show_bug.cgi?id=1399699
Bug ID: 1399699
Summary: CVE-2016-9438 w3m: Null pointer dereference with input_alt tag
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: eng-i18n-bugs@redhat.com, i18n-bugs@lists.fedoraproject.org, pnemade@redhat.com
A null pointer dereference will occur in w3m while parsing maliciously crafted input.
Upstream bug:
https://github.com/tats/w3m/issues/18
Upstream fix:
https://github.com/tats/w3m/commit/010b68580dc50ce183df11cc79721936ab5c4f25
References:
http://seclists.org/oss-sec/2016/q4/321
Andrej Nemec anemec@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |1399744
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1401423
Depends On |        |1401424
--- Comment #1 from Huzaifa S. Sidhpurwala huzaifas@redhat.com ---
Created w3m tracking bugs for this issue:
Affects: fedora-all [bug 1401423]
Affects: epel-7 [bug 1401424]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1401423 [Bug 1401423] w3m: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401424 [Bug 1401424] w3m: various flaws [epel-7]
Bug 1399699 depends on bug 1401423, which changed state.
Bug 1401423 Summary: w3m: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401423
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Dhiru Kholia dkholia@redhat.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Priority |medium  |low
Severity |medium  |low
Whiteboard, removed: impact=moderate,public=20160817,reported=20161103,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Whiteboard, added: impact=low,public=20160817,reported=20161103,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Dhiru Kholia dkholia@redhat.com changed:
Whiteboard, removed: impact=low,public=20160817,reported=20161103,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Whiteboard, added: impact=low,public=20160817,reported=20161103,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=notaffected,rhel-6/w3m=notaffected
Dhiru Kholia dkholia@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Status      |NEW     |CLOSED
Resolution  |---     |NOTABUG
Last Closed |        |2017-03-17 02:36:51
Bug 1399699 depends on bug 1401424, which changed state.
Bug 1401424 Summary: w3m: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1401424
What       |Removed |Added
----------------------------------------------------------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA