Several vulnerabilities have been fixed in the latest version of the w3m on the github page that this port is now tracking, however the port doesn't yet appear to be updated yet. Here's a link to the changelog: https://github.com/tats/w3m/blob/master/ChangeLog
Created attachment 190254 [details] update patch See attached
Created attachment 190272 [details] vuxml entry An attempt at a vuxml entry, passes 'make validate' and has been checked with pkg audit -f /usr/ports/security/vuxml/vuxml.xml against w3m-0.5.3.20170102_1
A commit references this bug: Author: brd Date: Fri Feb 2 18:20:05 UTC 2018 New revision: 460722 URL: https://svnweb.freebsd.org/changeset/ports/460722 Log: Document vulns in www/w3m. PR: 225611 Submitted by: D. Ebdrup <debdrup@gmail.com> Changes: head/security/vuxml/vuln.xml
Comment on attachment 190272 [details] vuxml entry Committed, thanks!
Created attachment 190273 [details] Corrected vuxml entry (obsoleted) Vladimir Krstulja helpfully pointed out that I'd missed some variants and hadn't correctly identified the CVEs in the cvename section. Next time I'll be sure to file an entry for security/vuxml too, instead of under www/w3m.
Comment on attachment 190273 [details] Corrected vuxml entry (obsoleted) Oops, not an actual diff. My bad.
Created attachment 190275 [details] Final vuxml entry This vuxml entry removes emacs-w3m and adds ja-w3m and ja-w3m-img. Previous vuxmlentry-corrected.txt should be obsoleted.
A commit references this bug: Author: nobutaka Date: Sat Feb 3 13:21:38 UTC 2018 New revision: 460810 URL: https://svnweb.freebsd.org/changeset/ports/460810 Log: - Update to 0.5.3.20180125. - This version fixes multiple vulnerabilities. PR: 225611 Submitted by: D. Ebdrup <debdrup@gmail.com> MFH: 2018Q1 Security: e72d5bf5-07a0-11e8-8248-0021ccb9e74d Changes: head/www/w3m/Makefile head/www/w3m/distinfo
A commit references this bug: Author: nobutaka Date: Sat Feb 3 13:35:04 UTC 2018 New revision: 460811 URL: https://svnweb.freebsd.org/changeset/ports/460811 Log: Update entry of w3m vulnerabilities. PR: 225611 Submitted by: D. Ebdrup <debdrup@gmail.com> Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: nobutaka Date: Sun Feb 4 13:32:07 UTC 2018 New revision: 460930 URL: https://svnweb.freebsd.org/changeset/ports/460930 Log: MFH: r460810 - Update to 0.5.3.20180125. - This version fixes multiple vulnerabilities. PR: 225611 Submitted by: D. Ebdrup <debdrup@gmail.com> Security: e72d5bf5-07a0-11e8-8248-0021ccb9e74d Approved by: ports-secteam (feld) Changes: _U branches/2018Q1/ branches/2018Q1/www/w3m/Makefile branches/2018Q1/www/w3m/distinfo
Update done. Thank you for the patches!