On January 28, 2017 at 5:26PM +0000, adam (at adam-barratt.org.uk) wrote:
>> w3m (0.5.3-19+deb8u2) jessie; urgency=medium
>>
>> * Fix multiple vulnerabilities (closes: #850432)
>
> How soon {w,sh}ould we expect a request for +deb8u3 with another huge
> pile of changes?
Currently, there is no plan. Recently an infinite recursion issue
was reported, but I'm in no hurry about it. I'll consider to make
+deb8u3 if more important issues are discovered.
FYI, recent multiple issues were reported by Kuang-che Wu with
his fuzzing tools:
- w3m fuzzing & issue reproduce
https://github.com/kcwu/fuzzing-w3m
At the version 0.5.3+git20161218, Kuang-che Wu says:
<https://github.com/tats/w3m/commit/f33b7b2df0a125ae72b1d61d88e2c511f425b228#commitcomment-20225724>
> FYI, current version looks good. My fuzzing session cannot find
> anything interesting for several days.
Thanks,
--
Tatsuya Kinoshita
pgpicd7on77Z4.pgp
Description: PGP signature
