-
Security Vulnerability
-
Resolution: Fixed
-
Normal
-
None
-
None
currently we have version www-client/w3m-0.5.3_p20190105
vulner reported this CVEs:
- https://nvd.nist.gov/vuln/detail/CVE-2018-6196
- https://nvd.nist.gov/vuln/detail/CVE-2018-6198
- https://nvd.nist.gov/vuln/detail/CVE-2018-6197
- https://nvd.nist.gov/vuln/detail/CVE-2016-9435
- https://nvd.nist.gov/vuln/detail/CVE-2016-9436
- https://nvd.nist.gov/vuln/detail/CVE-2016-9443
- https://nvd.nist.gov/vuln/detail/CVE-2016-9442
- https://nvd.nist.gov/vuln/detail/CVE-2016-9441
- https://nvd.nist.gov/vuln/detail/CVE-2016-9440
- https://nvd.nist.gov/vuln/detail/CVE-2016-9439
- https://nvd.nist.gov/vuln/detail/CVE-2016-9438
- https://nvd.nist.gov/vuln/detail/CVE-2016-9437
- https://nvd.nist.gov/vuln/detail/CVE-2016-9434
- https://nvd.nist.gov/vuln/detail/CVE-2016-9433
- https://nvd.nist.gov/vuln/detail/CVE-2016-9432
- https://nvd.nist.gov/vuln/detail/CVE-2016-9431
- https://nvd.nist.gov/vuln/detail/CVE-2016-9430
- https://nvd.nist.gov/vuln/detail/CVE-2016-9429
- https://nvd.nist.gov/vuln/detail/CVE-2016-9428
- https://nvd.nist.gov/vuln/detail/CVE-2016-9426
now, I'm not sure which one of them are fixed in our current version w3m-0.5.3_p20190105 but thanks to https://security-tracker.debian.org/tracker/source-package/w3m and https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html I can tell that high severity CVE-2018-6196 was fixed at 30 Apr 2020 - so I assume that the fix is not present in 0.5.3_p20190105