Control: tags -1 -moreinfo +confirmed
On Sun, 2017-01-29 at 07:12 +0900, Tatsuya Kinoshita wrote:
> On January 28, 2017 at 5:26PM +0000, adam (at adam-barratt.org.uk) wrote:
> >> w3m (0.5.3-19+deb8u2) jessie; urgency=medium
> >>
> >> * Fix multiple vulnerabilities (closes: #850432)
> >
> > How soon {w,sh}ould we expect a request for +deb8u3 with another huge
> > pile of changes?
>
> Currently, there is no plan. Recently an infinite recursion issue
> was reported, but I'm in no hurry about it. I'll consider to make
> +deb8u3 if more important issues are discovered.
>
> FYI, recent multiple issues were reported by Kuang-che Wu with
> his fuzzing tools:
>
> - w3m fuzzing & issue reproduce
> https://github.com/kcwu/fuzzing-w3m
>
> At the version 0.5.3+git20161218, Kuang-che Wu says:
> <https://github.com/tats/w3m/commit/f33b7b2df0a125ae72b1d61d88e2c511f425b228#commitcomment-20225724>
> > FYI, current version looks good. My fuzzing session cannot find
> > anything interesting for several days.
Thanks. If you're still interested in doing this, please feel free to
upload.
Regards,
Adam
