-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Feb 2017 19:03:02 +0100 Source: tnef Binary: tnef Architecture: source amd64 Version: 1.4.9-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Kevin Coyner <kcoyner@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: tnef - Tool to unpack MIME application/ms-tnef attachments Closes: 856117 Changes: tnef (1.4.9-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117) * CVE-2017-6307 An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. * CVE-2017-6308 An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. * CVE-2017-6309 An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. * CVE-2017-6310 An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. Checksums-Sha1: 44b841c8da86aaf5e553783540ffb282034152ab 1884 tnef_1.4.9-1+deb8u1.dsc d42ccbe3d41e797fb4133f2e01120680101e8782 3952575 tnef_1.4.9.orig.tar.gz dbc8d2eb01661692bc9044503c3e924385e88f45 6408 tnef_1.4.9-1+deb8u1.debian.tar.xz 5ba7da83e81d419dad2350c19f00c697a275e11a 47936 tnef_1.4.9-1+deb8u1_amd64.deb Checksums-Sha256: f4905763d514273b427d99a89a709a18d8370ca81e1900bbd6de7f448bfa940b 1884 tnef_1.4.9-1+deb8u1.dsc c4d64ec48f79681a11ee45b38c6b2177ce2d0a8c8f99733e90d462bd27eee6af 3952575 tnef_1.4.9.orig.tar.gz dcdd1e8a372c4f03077c85ea65500a13eff0177c3c917214e81d05f657f95eae 6408 tnef_1.4.9-1+deb8u1.debian.tar.xz 685bcef186164383d5282c40d876a0d3c9f3bf46bc77490852a896e1dc370ab4 47936 tnef_1.4.9-1+deb8u1_amd64.deb Files: 60ba775438595956e21553054d065543 1884 text optional tnef_1.4.9-1+deb8u1.dsc 83a3a8fe0c15c9bbe2a8dae74c46b761 3952575 text optional tnef_1.4.9.orig.tar.gz bf18cb1ff6f0aa65434e11e9aa5edc84 6408 text optional tnef_1.4.9-1+deb8u1.debian.tar.xz 33d69db92a61080d2169ad02e0d8476c 47936 text optional tnef_1.4.9-1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAli1wDRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR7IsD/98157RWPyIUPLMRSHgwYRGWsr2N8FC 7Myn0LDVsNQ1CavWY44CriXSPTaOy2ECC8595fAHlbaPlBDj8a2XmJBfMoyr8XXu XacBoRmlu73ghGzSOkhtgnL0UrcYYsUbw108CA5mmoSeGfBoi/oZsj37Y/FxM6MR uj9FoiTu8QZ+2xTGc5CBjmRqLWesUJvd4DWny9xiTZy+SRKsgmcpHphkcgBtpN7i WUCEF/7s+6/h/CRg1R9wOxrz4MH7SkFFNuGlzxwq4o+s2nOFgOnlKJYfP5DT6toT Sjfk1/r7w1tELy89RknXHqKVWK61id2covBhmvOkRGHvvLcnCN6Nj/CoZ7DbtO0E 2hnTHszD+8oLMC1VzLWlFwggUiDlxkS24B5xQ9RAfYOB8y1JU2HTs00AZgJXSmIA Vu2X6TGdzow14y83ANZL6Xj8fXyeWEE+gxIhiKEyFVvMjyS9lv3jHXyh/SMXZyjs AnJQZFlQQ17Ln0WY95MogxPYFR2kZA6XOnxXev4Adz+Tj5uYC+aDrMgsYWhOob4I r7XFzUD3Rt+2MDZH1frZmPMfOs+SZ8Pjlntb5kKvRbgjzhjpHLWiM2AFik0+IiUu Tl3drK3chkiQhGa5NNbP8qPTDYeRJ5isRjoTTme+B7td/HJ7vwDuLVn5YXYcMopz PyRCxqq6zwPQSg== =i+d+ -----END PGP SIGNATURE-----
