From ${URL} :
An integer overflow vulnerability was found in the parsing of HTML tables in the Links web browser. This is only known to be exploited when running Links in graphical mode.
References: http://seclists.org/fulldisclosure/2013/Nov/217
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Patch available for the vulnerability at this location: https://bugzilla.redhat.com/attachment.cgi?id=831533
Please advise when the build is ready for stabilization. Thank you.
CVE-2013-6050 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6050): Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
Test and stabilize: =www-client/links-2.8-r1
Stable for HPPA.
Builds and runs fine on x86. Please mark stable for x86.
ppc stable
ppc64 stable
amd64 stable
alpha stable
x86 stable
sparc stable
arm stable
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
GLSA request filed
Oops, this should be rated B3, because it's just DoS per the Secunia advisory and the Red Hat bug. But anyway, I have filed GLSA requests already.
Cleanup done.
This issue was resolved and addressed in GLSA 201402-11 at http://security.gentoo.org/glsa/glsa-201402-11.xml by GLSA coordinator Chris Reffett (creffett).