Secure testing team - Jun 2010 - Bug#587445: CVE-2010-2074

Package: w3m
Severity: grave
Tags: security

Hi,
several applications fail to correct SSL certificates properly
and w3m is among them:
http://www.openwall.com/lists/oss-security/2010/06/14/4

This has been assigned CVE-2010-2074.

The impact of this bug doesn''t warrant a DSA, but you can still
fix in in Lenny through a stable point update:
http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages w3m depends on:
ii  libc6                   2.10.2-9         Embedded GNU C Library: Shared lib
pn  libgc1c2                <none>           (no description available)
ii  libgpm2                 1.20.4-3.3       General Purpose Mouse - shared lib
ii  libncurses5             5.7+20100313-2   shared libraries for terminal hand
ii  libssl0.9.8             0.9.8n-1         SSL shared libraries
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages w3m recommends:
ii  ca-certificates               20090814   Common CA certificates

Versions of packages w3m suggests:
ii  man-db                        2.5.7-3    on-line manual pager
ii  menu                          2.1.43     generates programs menu for all me
pn  migemo                        <none>     (no description available)
ii  mime-support                  3.48-1     MIME files
''mime.types'' & ''mailcap
pn  w3m-el                        <none>     (no description available)
pn  w3m-img                       <none>     (no description available)