https://bugzilla.redhat.com/show_bug.cgi?id=1399713
Bug ID: 1399713
Summary: CVE-2016-9622 w3m: Null pointer dereference in HTMLlineproc2body
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: anemec@redhat.com
CC: eng-i18n-bugs@redhat.com, i18n-bugs@lists.fedoraproject.org, pnemade@redhat.com
A null pointer dereference will occur in w3m while parsing maliciously crafted input.
Upstream bug:
https://github.com/tats/w3m/issues/32
Upstream fixes:
https://github.com/tats/w3m/commit/c6c39973e7d336854e9a2d43119d1220b36e2035
https://github.com/tats/w3m/commit/a59a35211c63f12951b6266646081b08488b10ea
References:
http://seclists.org/oss-sec/2016/q4/488
Andrej Nemec <anemec@redhat.com> changed:
What: Whiteboard
Removed: impact=moderate,public=20161106,reported=20161103,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Added: impact=moderate,public=20161106,reported=20161122,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Andrej Nemec <anemec@redhat.com> changed:
What   |Removed |Added
----------------------------
Blocks |        |1399744
Huzaifa S. Sidhpurwala <huzaifas@redhat.com> changed:
What       |Removed |Added
----------------------------
Depends On |        |1401423
Depends On |        |1401424
--- Comment #1 from Huzaifa S. Sidhpurwala <huzaifas@redhat.com> ---
Created w3m tracking bugs for this issue:
Affects: fedora-all [bug 1401423]
Affects: epel-7 [bug 1401424]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1401423
[Bug 1401423] w3m: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401424
[Bug 1401424] w3m: various flaws [epel-7]
Bug 1399713 depends on bug 1401423, which changed state.
Bug 1401423 Summary: w3m: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1401423
What       |Removed |Added
----------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA
Dhiru Kholia <dkholia@redhat.com> changed:
What        |Removed |Added
------------------------------------------
Priority    |medium  |low
Status      |NEW     |CLOSED
Resolution  |---     |WONTFIX
Severity    |medium  |low
Last Closed |        |2017-03-17 02:48:14
What: Whiteboard
Removed: impact=moderate,public=20161106,reported=20161122,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=new,rhel-6/w3m=new
Added: impact=low,public=20161106,reported=20161122,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-476,fedora-all/w3m=affected,epel-7/w3m=affected,rhel-5/w3m=wontfix,rhel-6/w3m=wontfix
Bug 1399713 depends on bug 1401424, which changed state.
Bug 1401424 Summary: w3m: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1401424
What       |Removed |Added
----------------------------
Status     |ON_QA   |CLOSED
Resolution |---     |ERRATA