[Bug 215070] security/vuxml: multiple security vulnerabilities in w3m

Mon Dec 5 11:38:42 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215070

            Bug ID: 215070
           Summary: security/vuxml: multiple security vulnerabilities in
                    w3m
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: kcwu at csie.org
          Assignee: ports-secteam at FreeBSD.org
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)

Created attachment 177687
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=177687&action=edit
VuXML entry

There are many known security vulnerabilities in w3m and got CVEs assigned.
http://seclists.org/oss-sec/2016/q4/452
http://seclists.org/oss-sec/2016/q4/516

The original report is for debian's w3m (one active maintained fork of original
w3m). FreeBSD's w3m should share all these vulnerabilities (I believe so, but I
didn't verify them individually).

Regarding to vuxml entry, I don't know how to write the version range though.
Because currently only debian's fork (https://github.com/tats/w3m) is known
fixed these issues. The original w3m (sf.net/projects/w3m), which FreeBSD uses,
is inactive for years.

-- 
You are receiving this mail because:
You are the assignee for the bug.