Gentoo Forums :: View topic - [gentoo-security] GLSA: w3m

[gentoo-security] GLSA: w3m

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

News & Announcements

View previous topic :: View next topic

Author

Message

pjp
Administrator

Joined: 16 Apr 2002
Posts: 20486

Posted: Tue Feb 18, 2003 2:20 pm Post subject: [gentoo-security] GLSA: w3m

Daniel Ahlberg wrote:

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07
- - ---------------------------------------------------------------------

PACKAGE : w3m
SUMMARY : missing HTML quoting
DATE : 2003-02-17 14:47 UTC
EXPLOIT : remote

- - ---------------------------------------------------------------------

- From w3m release notes:

"Hironori SAKAMOTO found another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag
in img alt attribute, so malicious frame html may deceive you to
access your local files, cookies and so on."

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-www/w3m upgrade to w3m-0.3.2.2 as follows:

emerge sync
emerge -u w3m
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------

Mailing List Archive: Unavailable
_________________
Quis separabit? Quo animo?

Display posts from previous:

	Gentoo Forums Forum Index News & Announcements	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy