| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: aliz at gentoo.org (Daniel Ahlberg) Subject: GLSA: w3m -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07 - - --------------------------------------------------------------------- PACKAGE : w3m SUMMARY : missing HTML quoting DATE : 2003-02-17 14:47 UTC EXPLOIT : remote - - --------------------------------------------------------------------- - From w3m release notes: "Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in img alt attribute, so malicious frame html may deceive you to access your local files, cookies and so on." SOLUTION It is recommended that all Gentoo Linux users who are running net-www/w3m upgrade to w3m-0.3.2.2 as follows: emerge sync emerge -u w3m emerge clean - - --------------------------------------------------------------------- aliz@...too.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+UPYbfT7nyhUpoZMRAsIBAJ9VXr80M0q44vB0C8FrtuzUrE65/gCgkcu9 Vf4VW9lnTPTDTSBwZnAmc1k= =8w3p -----END PGP SIGNATURE-----
Powered by blists - more mailing lists