Debian Package Tracker

general

source: libytnef (main)
version: 1.9.3-1
maintainer: Ricardo Mones [DMD] [LowNMU]
uploaders: Jordi Mallach [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.5-6+deb8u1
old-sec: 1.5-6+deb8u1
stable: 1.9.2-2
testing: 1.9.3-1
unstable: 1.9.3-1

versioned links

1.5-6+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.9.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libytnef0
libytnef0-dev
ytnef-tools

action needed

lintian reports 3 warnings high

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2016-04-26 Last update: 2019-03-12 04:42

3 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit dfbbe46a6b5cc6f72980845fef4a14bbaf00bc88
Merge: 53baa72 dedeea7
Author: Jordi Mallach <jordi@debian.org>
Date:   Mon Oct 22 10:55:47 2018 +0200

    Merge branch 'master' of salsa.debian.org:debian/ytnef

commit 53baa724e24938839db7dea888e377478b86432f
Author: Jordi Mallach <jordi@debian.org>
Date:   Mon May 22 23:51:56 2017 +0200

    Release to unstable.

commit ea31025cff7c183b495d5d53e95369bc29b507bc
Author: Jordi Mallach <jordi@debian.org>
Date:   Mon May 22 23:49:49 2017 +0200

    Add fix for CVE-2017-9058.

Created: 2018-10-22 Last update: 2019-04-23 22:13

10 ignored security issues in jessie low

There are 10 open security issues in jessie.

10 issues skipped by the security teams:

CVE-2017-9472: In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9470: In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-12142: In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9058: In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
CVE-2017-12144: In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-12141: In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9473: In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-9474: In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9471: In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9146: The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

Please fix them.

Created: 2017-05-18 Last update: 2019-01-06 14:41

9 ignored security issues in stretch low

There are 9 open security issues in stretch.

9 issues skipped by the security teams:

CVE-2017-9472: In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9470: In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-12142: In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-12144: In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-12141: In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9473: In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-9474: In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9471: In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9146: The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

Please fix them.

Created: 2017-05-18 Last update: 2019-01-06 14:41

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:15

news

[rss feed]

[2018-10-28] libytnef 1.9.3-1 MIGRATED to testing (Debian testing watch)
[2018-10-21] Accepted libytnef 1.9.3-1 (source amd64) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2017-05-27] Accepted libytnef 1.5-6+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Jordi Mallach) (signed by: Jordi Mallach i Pérez)
[2017-05-26] libytnef 1.9.2-2 MIGRATED to testing (Debian testing watch)
[2017-05-24] Accepted libytnef 1.9.2-2 (source amd64) into unstable (Jordi Mallach) (signed by: Jordi Mallach i Pérez)
[2017-03-28] Accepted libytnef 1.5-4+deb7u1 (source amd64) into oldstable (Thorsten Alteholz)
[2017-03-13] libytnef 1.9.2-1 MIGRATED to testing (Debian testing watch)
[2017-03-07] Accepted libytnef 1.9.2-1 (source amd64) into unstable (Jordi Mallach) (signed by: Jordi Mallach i Pérez)
[2017-02-27] libytnef 1.9.1-1 MIGRATED to testing (Debian testing watch)
[2017-02-22] Accepted libytnef 1.9.1-1 (source amd64) into unstable (Jordi Mallach) (signed by: Jordi Mallach i Pérez)
[2017-01-27] libytnef 1.9-1 MIGRATED to testing (Debian testing watch)
[2017-01-17] Accepted libytnef 1.9-1 (source amd64) into unstable, unstable (Jordi Mallach) (signed by: Jordi Mallach i Pérez)
[2015-08-28] libytnef 1.5-9 MIGRATED to testing (Britney)
[2015-08-22] Accepted libytnef 1.5-9 (source amd64) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2015-08-21] Accepted libytnef 1.5-8 (source amd64) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2015-08-20] Accepted libytnef 1.5-7 (source amd64) into unstable (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2013-12-24] libytnef 1.5-6 MIGRATED to testing (Debian testing watch)
[2013-12-18] Accepted libytnef 1.5-6 (source amd64) (Matthias Klose)
[2013-10-21] libytnef 1.5-5 MIGRATED to testing (Debian testing watch)
[2013-10-10] Accepted libytnef 1.5-5 (source amd64) (Matthias Klose)
[2011-09-30] libytnef 1.5-4 MIGRATED to testing (Debian testing watch)
[2011-09-20] Accepted libytnef 1.5-4 (source amd64) (Ricardo Mones) (signed by: Ricardo Mones Lastra)
[2011-06-17] libytnef 1.5-3 MIGRATED to testing (Debian testing watch)
[2011-06-04] Accepted libytnef 1.5-3 (source amd64) (Alessio Treglia)
[2009-10-17] libytnef 1.5-2 MIGRATED to testing (Debian testing watch)
[2009-09-28] Accepted libytnef 1.5-2 (source amd64) (Joshua Kwan)
[2009-09-02] libytnef 1.5-1.1 MIGRATED to testing (Debian testing watch)
[2009-08-16] Accepted libytnef 1.5-1.1 (source kfreebsd-i386) (Aurelien Jarno)
[2005-05-30] Accepted libytnef 1.5-1 (i386 source) (Joshua Kwan)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.9.3-1
1 bug