Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: w3m
Date: Tue, 18 Feb 2003 08:11:06
Message-Id: 20030217144328.D299E33B58@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07
6 - - ---------------------------------------------------------------------
7
8 PACKAGE : w3m
9 SUMMARY : missing HTML quoting
10 DATE : 2003-02-17 14:47 UTC
11 EXPLOIT : remote
12
13 - - ---------------------------------------------------------------------
14
15 - From w3m release notes:
16
17 "Hironori SAKAMOTO found another security
18 vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag
19 in img alt attribute, so malicious frame html may deceive you to
20 access your local files, cookies and so on."
21
22 SOLUTION
23
24 It is recommended that all Gentoo Linux users who are running
25 net-www/w3m upgrade to w3m-0.3.2.2 as follows:
26
27 emerge sync
28 emerge -u w3m
29 emerge clean
30
31 - - ---------------------------------------------------------------------
32 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
33 - - ---------------------------------------------------------------------
34 -----BEGIN PGP SIGNATURE-----
35 Version: GnuPG v1.2.1 (GNU/Linux)
36
37 iD8DBQE+UPYbfT7nyhUpoZMRAsIBAJ9VXr80M0q44vB0C8FrtuzUrE65/gCgkcu9
38 Vf4VW9lnTPTDTSBwZnAmc1k=
39 =8w3p
40 -----END PGP SIGNATURE-----