Package: w3m Severity: grave Tags: security Hi, several applications fail to correct SSL certificates properly and w3m is among them: http://www.openwall.com/lists/oss-security/2010/06/14/4 This has been assigned CVE-2010-2074. The impact of this bug doesn''t warrant a DSA, but you can still fix in in Lenny through a stable point update: http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable Cheers, Moritz -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, ''unstable'') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages w3m depends on: ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib pn libgc1c2 <none> (no description available) ii libgpm2 1.20.4-3.3 General Purpose Mouse - shared lib ii libncurses5 5.7+20100313-2 shared libraries for terminal hand ii libssl0.9.8 0.9.8n-1 SSL shared libraries ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages w3m recommends: ii ca-certificates 20090814 Common CA certificates Versions of packages w3m suggests: ii man-db 2.5.7-3 on-line manual pager ii menu 2.1.43 generates programs menu for all me pn migemo <none> (no description available) ii mime-support 3.48-1 MIME files ''mime.types'' & ''mailcap pn w3m-el <none> (no description available) pn w3m-img <none> (no description available)