Back to tnef PTS page

Accepted tnef 1.4.9-1+deb7u1 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted tnef 1.4.9-1+deb7u1 (source amd64) into oldstable
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 27 Feb 2017 19:00:11 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1ciQWp-00041q-6U@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Feb 2017 19:03:02 +0100
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.9-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Kevin Coyner <kcoyner@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 tnef       - Tool to unpack MIME application/ms-tnef attachments
Changes:
 tnef (1.4.9-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.
Checksums-Sha1:
 60e50a79f2a198b2a81ee25ebe2556176737641f 1879 tnef_1.4.9-1+deb7u1.dsc
 d42ccbe3d41e797fb4133f2e01120680101e8782 3952575 tnef_1.4.9.orig.tar.gz
 ae396724da5e6dd9288d1189fe6d64951450cbe6 6837 tnef_1.4.9-1+deb7u1.debian.tar.gz
 19cacaab6a4ceb4a19fab52cd0bdd84435df2ade 53896 tnef_1.4.9-1+deb7u1_amd64.deb
Checksums-Sha256:
 897fd9710c9902ffe5dcc726126c44548f40e1e4aac47319cdb363223ad6edaf 1879 tnef_1.4.9-1+deb7u1.dsc
 c4d64ec48f79681a11ee45b38c6b2177ce2d0a8c8f99733e90d462bd27eee6af 3952575 tnef_1.4.9.orig.tar.gz
 5a75b8afe0d93fd2e719f79ab5b01e87b81b8653d0701abcfcbc7aaf0827266b 6837 tnef_1.4.9-1+deb7u1.debian.tar.gz
 24119db70da4059f58f60a71fec824ef35ee7504393fe61b8775fe85cd7e9280 53896 tnef_1.4.9-1+deb7u1_amd64.deb
Files:
 c225b7d20a1c6b1d6c3bb14c11afacad 1879 text optional tnef_1.4.9-1+deb7u1.dsc
 83a3a8fe0c15c9bbe2a8dae74c46b761 3952575 text optional tnef_1.4.9.orig.tar.gz
 980a3eb82f4aa548c6e4662adb836b1d 6837 text optional tnef_1.4.9-1+deb7u1.debian.tar.gz
 7282bccf0f72339b948f911e7960530f 53896 text optional tnef_1.4.9-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAli0dLpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRzC7EACogP0aGksO1xwRvE7nFRLsCZSPAGS2
b8bzA1s2/t3MaTX4esZqwPAJEQrXoaUXdMMiQsv41lCxJendGJtAoOKbCGRaYjw0
8WupK2JZ1phga7//N2sx35fW5yEszJ+RLeM4JWiDy/yzwRoC3NKUFGfIO+XEvh7b
1au1DCBHf0S7UNt65nkedaL50Qv+yT5zJCnYbEc2xWg7C0wOSYDadATnVDm7XIIC
mP83kCE74gPl8UDhGt4LOHLfW95CdWnYU0GTf5RM01K8gilu6k/nmGDGFeiQpaMx
n16y+XgHWb/tu85lSRGavDL95B0bJXkqvryE5nWshLRG6BQCPwivc22PdYWX6x3n
/rcEjuajxr+IcTP8hxJCckzi3YCPGZDycMsnP2k9eDDKs+PRnMu+drH4mq5tAjkM
vYG5AkY7lMBB/8lxs6ZrcAb9+Xe9C2NanRZGkKZNX2sd+Ma2VhIFYjaGZ4xV2rB5
OttIW55aAcjQKYB0HVPW7Mh0KS4FVUZRn9f67ThlVMbkCHoQ3NljasrnNh0b7WOf
RgJ//06Abi4yVSx6Mcjb1dKvN4ce3oPBH6vmxRGHp9uynzjJXjVUvqwbNiJoQUfR
JqK7V7gZpw0fVo7EMIIQ0BkUcnv5/luBZnT353n/CH9otN60C7YJFxB/hEYI3nEH
ufUBXFCjj/C9ZQ==
=9IcS
-----END PGP SIGNATURE-----