https://bugzilla.redhat.com/show_bug.cgi?id=1399710
Bug ID: 1399710 Summary: CVE-2016-9443 w3m: Null pointer dereference in formUpdateBuffer Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: eng-i18n-bugs@redhat.com, i18n-bugs@lists.fedoraproject.org, pnemade@redhat.com
A null pointer dereference will occur in w3m while parsing maliciously crafted input.
Upstream bug:
https://github.com/tats/w3m/issues/28
Upstream fixes:
https://github.com/tats/w3m/commit/ec9eb22e008a69ea9dc21fdca4b9b836679965ee https://github.com/tats/w3m/commit/22d29c3d11bdfec80164789a99c36cc674340914
References:
http://seclists.org/oss-sec/2016/q4/321
https://bugzilla.redhat.com/show_bug.cgi?id=1399710
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1399744
https://bugzilla.redhat.com/show_bug.cgi?id=1399710
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1401423 Depends On| |1401424
--- Comment #1 from Huzaifa S. Sidhpurwala huzaifas@redhat.com ---
Created w3m tracking bugs for this issue:
Affects: fedora-all [bug 1401423] Affects: epel-7 [bug 1401424]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1401423 [Bug 1401423] w3m: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1401424 [Bug 1401424] w3m: various flaws [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1399710 Bug 1399710 depends on bug 1401423, which changed state.
Bug 1401423 Summary: w3m: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1401423
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1399710
Dhiru Kholia dkholia@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |low Status|NEW |CLOSED Resolution|--- |NOTABUG Whiteboard|impact=moderate,public=2016 |impact=low,public=20161002, |1002,reported=20161103,sour |reported=20161103,source=os |ce=oss-security,cvss2=4.3/A |s-security,cvss2=4.3/AV:N/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |C:M/Au:N/C:N/I:N/A:P,cvss3= |vss3=4.3/CVSS:3.0/AV:N/AC:L |4.3/CVSS:3.0/AV:N/AC:L/PR:N |/PR:N/UI:R/S:U/C:N/I:N/A:L, |/UI:R/S:U/C:N/I:N/A:L,cwe=C |cwe=CWE-476,fedora-all/w3m= |WE-476,fedora-all/w3m=affec |affected,epel-7/w3m=affecte |ted,epel-7/w3m=affected,rhe |d,rhel-5/w3m=new,rhel-6/w3m |l-5/w3m=notaffected,rhel-6/ |=new |w3m=notaffected Severity|medium |low Last Closed| |2017-03-17 02:43:39
https://bugzilla.redhat.com/show_bug.cgi?id=1399710 Bug 1399710 depends on bug 1401424, which changed state.
Bug 1401424 Summary: w3m: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1401424
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
i18n-bugs@lists.fedoraproject.org