Package: w3m Version: 0.5.3-34 Severity: important Tags: patch security upstream pending
Only when ~/.w3m is unwritable, w3m uses /tmp in an insecure fashion, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Patch is available: - https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 Will be fixed in the next upload. Thanks, -- Tatsuya Kinoshita
pgpuMy_VW3Qg7.pgp
Description: PGP signature
