Control: retitle -1 w3m: CVE-2018-6198: nsecure temporary files creation when ~/.w3m is unwritable
Hi On Tue, Jan 23, 2018 at 07:13:34PM +0900, Tatsuya Kinoshita wrote: > Package: w3m > Version: 0.5.3-34 > Severity: important > Tags: patch security upstream pending > > Only when ~/.w3m is unwritable, w3m uses /tmp in an insecure fashion, > which allows a local attacker to craft a symlink attack to overwrite > arbitrary files. > > Patch is available: > > - > https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753 > > Will be fixed in the next upload. This issue has been assigned CVE-2018-6198. Regards, Salvatore
