Format: 1.8
Date: Wed, 29 Mar 2017 19:03:02 +0200
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.12-1.1
Distribution: sid
Urgency: medium
Maintainer: Kevin Coyner <kcoyner@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 tnef - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117 857342
Changes:
 tnef (1.4.12-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
   * while fixing the CVEs, upstream introduced a regression
     fix-regression-1.patch and fix-regression-2.patch take care
     of that (Closes: #857342)
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function. These
     might lead to invalid read and write operations, controlled by an
     attacker.