--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-38c2261ca0
2024-03-27 01:36:32.511401
--------------------------------------------------------------------------------

Name        : w3m
Product     : Fedora 38
Version     : 0.5.3
Release     : 63.git20230121.fc38
URL         : https://w3m.sourceforge.net/
Summary     : Pager with Web browsing abilities
Description :
The w3m program is a pager (or text file viewer) that can also be used
as a text-mode Web browser. W3m features include the following: when
reading an HTML document, you can follow links and view images using
an external image viewer; its internet message mode determines the
type of document from the header; if the Content-Type field of the
document is text/html, the document is displayed as an HTML document;
you can change a URL description like 'http://hogege.net' in plain
text into a link to that URL.
If you want to display the inline images on w3m, you need to install
w3m-img package as well.

--------------------------------------------------------------------------------
Update Information:

Added upstream patch to fix out-of-bounds access due to multiple backspaces to
address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 18 2024 Robert Scheck  - 0.5.3-63.git20230121
- Added upstream patch to fix out-of-bounds access due to multiple backspaces
  to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)
* Sat Jan 27 2024 Fedora Release Engineering  - 0.5.3-62.git20230121
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering  - 0.5.3-61.git20230121
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2222775
  [ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2222779
  [ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223)
        https://bugzilla.redhat.com/show_bug.cgi?id=2255207
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-38c2261ca0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 38: w3m 2024-38c2261ca0

March 27, 2024
Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Summary

The w3m program is a pager (or text file viewer) that can also be used

as a text-mode Web browser. W3m features include the following: when

reading an HTML document, you can follow links and view images using

an external image viewer; its internet message mode determines the

type of document from the header; if the Content-Type field of the

document is text/html, the document is displayed as an HTML document;

you can change a URL description like 'http://hogege.net' in plain

text into a link to that URL.

If you want to display the inline images on w3m, you need to install

w3m-img package as well.

Update Information:

Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

Change Log

* Mon Mar 18 2024 Robert Scheck - 0.5.3-63.git20230121 - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207) * Sat Jan 27 2024 Fedora Release Engineering - 0.5.3-62.git20230121 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jul 22 2023 Fedora Release Engineering - 0.5.3-61.git20230121 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References

[ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c https://bugzilla.redhat.com/show_bug.cgi?id=2222775 [ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c https://bugzilla.redhat.com/show_bug.cgi?id=2222779 [ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223) https://bugzilla.redhat.com/show_bug.cgi?id=2255207

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-38c2261ca0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : w3m
Product : Fedora 38
Version : 0.5.3
Release : 63.git20230121.fc38
URL : https://w3m.sourceforge.net/
Summary : Pager with Web browsing abilities

Related News