Format: 1.8
Date: Sun, 26 Mar 2017 18:03:02 +0100
Source: libytnef
Binary: libytnef0 libytnef0-dev
Architecture: source amd64
Version: 1.5-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libytnef0 - improved decoder for application/ms-tnef attachments
 libytnef0-dev - improved decoder for application/ms-tnef attachments
Changes:
 libytnef (1.5-4+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * Multiple Heap Overflows, out of bound writes and reads, NULL pointer
     dereferences and infinite loops have been discovered in ytnef 1.9
     and earlier. These could be exploited by tricking a user into
     opening a malicious winmail.dat file.
   * CVE-2017-6298 Null Pointer Deref / calloc return value not checked
   * CVE-2017-6299 Infinite Loop / DoS in the TNEFFillMapi function in
     lib/ytnef.c
   * CVE-2017-6300 Buffer Overflow in version field in lib/tnef-types.h
   * CVE-2017-6301 Out of Bounds Reads
   * CVE-2017-6302 Integer Overflow
   * CVE-2017-6303 Invalid Write and Integer Overflow
   * CVE-2017-6304 Out of Bounds read
   * CVE-2017-6305 Out of Bounds read and write
   * CVE-2017-6801 Out-of-bounds access with fields of Size 0 in
     TNEFParse() in libytnef
   * CVE-2017-6802 Heap-based buffer over-read on incoming Compressed RTF
     Streams, related to DecompressRTF() in libytnef