Date: Mon, 05 Dec 2016 11:38:41 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 215070] security/vuxml: multiple security vulnerabilities in w3m Message-ID: <bug-215070-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215070 Bug ID: 215070 Summary: security/vuxml: multiple security vulnerabilities in w3m Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: kcwu@csie.org Assignee: ports-secteam@FreeBSD.org Flags: maintainer-feedback?(ports-secteam@FreeBSD.org) Created attachment 177687 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D177687&action= =3Dedit VuXML entry There are many known security vulnerabilities in w3m and got CVEs assigned. http://seclists.org/oss-sec/2016/q4/452 http://seclists.org/oss-sec/2016/q4/516 The original report is for debian's w3m (one active maintained fork of orig= inal w3m). FreeBSD's w3m should share all these vulnerabilities (I believe so, b= ut I didn't verify them individually). Regarding to vuxml entry, I don't know how to write the version range thoug= h. Because currently only debian's fork (https://github.com/tats/w3m) is known fixed these issues. The original w3m (sf.net/projects/w3m), which FreeBSD u= ses, is inactive for years. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215070-13>