[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-6196 and CVE-2018-6197 will be fixed with upload to Jessie

Thu Apr 30 16:19:35 BST 2020


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ac0e52a by Thorsten Alteholz at 2020-04-30T17:18:57+02:00
CVE-2018-6196 and CVE-2018-6197 will be fixed with upload to Jessie

- - - - -
2348d36c by Thorsten Alteholz at 2020-04-30T17:19:24+02:00
Reserve DLA-2195-1 for w3m

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124573,14 +124573,12 @@ CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when t
 CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formU ...)
 	- w3m 0.5.3-36 (low)
 	[stretch] - w3m 0.5.3-34+deb9u1
-	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/89
 	NOTE: https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
 CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlinepr ...)
 	- w3m 0.5.3-36 (low)
 	[stretch] - w3m 0.5.3-34+deb9u1
-	[jessie] - w3m <no-dsa> (Minor issue)
 	[wheezy] - w3m <no-dsa> (Minor issue)
 	NOTE: https://github.com/tats/w3m/issues/88
 	NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Apr 2020] DLA-2195-1 w3m - security update
+	{CVE-2018-6196 CVE-2018-6197}
+	[jessie] - w3m 0.5.3-19+deb8u3
 [30 Apr 2020] DLA-2194-1 yodl - security update
 	{CVE-2016-10375}
 	[jessie] - yodl 3.04.00-1+deb8u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0fcfd55544a7553567b6a9de34be4fb3b95b55f3...2348d36c7184664855a3f1879a11b4dc1f56d276

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0fcfd55544a7553567b6a9de34be4fb3b95b55f3...2348d36c7184664855a3f1879a11b4dc1f56d276
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200430/4dec5e8f/attachment-0001.html>
