FEDORA-2024-aeb75f8b5b — security update for w3m

stable

w3m-0.5.3-63.git20230121.fc40

FEDORA-2024-aeb75f8b5b created by robert a year ago for Fedora 40

Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-aeb75f8b5b

This update has been submitted for testing by robert.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a year ago

This update has been pushed to stable.

a year ago

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

3 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

approved

a year ago

Builds

w3m-0.5.3-63.git20230121.fc40

BZ#2222775 CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c

BZ#2222776 CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c [fedora-all]

BZ#2222779 CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c

BZ#2222780 CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c [fedora-all]

BZ#2255207 CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223)

BZ#2255208 CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223) [fedora-all]

w3m-0.5.3-63.git20230121.fc40

Automated Test Results

ignored