{"id":"DSA-250","summary":"w3mmee-ssl - missing HTML quoting","details":"\nHironori Sakamoto, one of the w3m developers, found two security\nvulnerabilities in w3m and associated programs. The w3m browser does\nnot properly escape HTML tags in frame contents and img alt\nattributes. A malicious HTML frame or img alt attribute may deceive a\nuser to send their local cookies which are used for configuration. The\ninformation is not leaked automatically, though.\n\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 0.3.p23.3-1.5. Please note that the update also contains an\nimportant patch to make the program work on the powerpc platform again.\n\n\nThe old stable distribution (potato) is not affected by these\nproblems.\n\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 0.3.p24.17-3 and later.\n\n\nWe recommend that you upgrade your w3mmee-ssl packages.\n\n\n","modified":"2022-07-04T02:00:37.778798Z","published":"2003-02-12T00:00:00Z","withdrawn":"2024-05-15T05:36:14.100177Z","schema_version":"1.7.3"}