[Secure-testing-team] Bug#587445: CVE-2010-2074
Moritz Muehlenhoff
jmm at debian.org
Mon Jun 28 17:31:07 UTC 2010
Package: w3m
Severity: grave
Tags: security
Hi,
several applications fail to correct SSL certificates properly
and w3m is among them:
http://www.openwall.com/lists/oss-security/2010/06/14/4
This has been assigned CVE-2010-2074.
The impact of this bug doesn't warrant a DSA, but you can still
fix in in Lenny through a stable point update:
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages w3m depends on:
ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib
pn libgc1c2 <none> (no description available)
ii libgpm2 1.20.4-3.3 General Purpose Mouse - shared lib
ii libncurses5 5.7+20100313-2 shared libraries for terminal hand
ii libssl0.9.8 0.9.8n-1 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages w3m recommends:
ii ca-certificates 20090814 Common CA certificates
Versions of packages w3m suggests:
ii man-db 2.5.7-3 on-line manual pager
ii menu 2.1.43 generates programs menu for all me
pn migemo <none> (no description available)
ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap
pn w3m-el <none> (no description available)
pn w3m-img <none> (no description available)
More information about the Secure-testing-team
mailing list