Back to tnef PTS page

Accepted tnef 1.4.9-1+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted tnef 1.4.9-1+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 09 Mar 2017 23:20:53 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1cm7Mb-0008b9-4M@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Feb 2017 19:03:02 +0100
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.9-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Kevin Coyner <kcoyner@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 tnef       - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117
Changes:
 tnef (1.4.9-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.
Checksums-Sha1:
 44b841c8da86aaf5e553783540ffb282034152ab 1884 tnef_1.4.9-1+deb8u1.dsc
 d42ccbe3d41e797fb4133f2e01120680101e8782 3952575 tnef_1.4.9.orig.tar.gz
 dbc8d2eb01661692bc9044503c3e924385e88f45 6408 tnef_1.4.9-1+deb8u1.debian.tar.xz
 5ba7da83e81d419dad2350c19f00c697a275e11a 47936 tnef_1.4.9-1+deb8u1_amd64.deb
Checksums-Sha256:
 f4905763d514273b427d99a89a709a18d8370ca81e1900bbd6de7f448bfa940b 1884 tnef_1.4.9-1+deb8u1.dsc
 c4d64ec48f79681a11ee45b38c6b2177ce2d0a8c8f99733e90d462bd27eee6af 3952575 tnef_1.4.9.orig.tar.gz
 dcdd1e8a372c4f03077c85ea65500a13eff0177c3c917214e81d05f657f95eae 6408 tnef_1.4.9-1+deb8u1.debian.tar.xz
 685bcef186164383d5282c40d876a0d3c9f3bf46bc77490852a896e1dc370ab4 47936 tnef_1.4.9-1+deb8u1_amd64.deb
Files:
 60ba775438595956e21553054d065543 1884 text optional tnef_1.4.9-1+deb8u1.dsc
 83a3a8fe0c15c9bbe2a8dae74c46b761 3952575 text optional tnef_1.4.9.orig.tar.gz
 bf18cb1ff6f0aa65434e11e9aa5edc84 6408 text optional tnef_1.4.9-1+deb8u1.debian.tar.xz
 33d69db92a61080d2169ad02e0d8476c 47936 text optional tnef_1.4.9-1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAli1wDRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR7IsD/98157RWPyIUPLMRSHgwYRGWsr2N8FC
7Myn0LDVsNQ1CavWY44CriXSPTaOy2ECC8595fAHlbaPlBDj8a2XmJBfMoyr8XXu
XacBoRmlu73ghGzSOkhtgnL0UrcYYsUbw108CA5mmoSeGfBoi/oZsj37Y/FxM6MR
uj9FoiTu8QZ+2xTGc5CBjmRqLWesUJvd4DWny9xiTZy+SRKsgmcpHphkcgBtpN7i
WUCEF/7s+6/h/CRg1R9wOxrz4MH7SkFFNuGlzxwq4o+s2nOFgOnlKJYfP5DT6toT
Sjfk1/r7w1tELy89RknXHqKVWK61id2covBhmvOkRGHvvLcnCN6Nj/CoZ7DbtO0E
2hnTHszD+8oLMC1VzLWlFwggUiDlxkS24B5xQ9RAfYOB8y1JU2HTs00AZgJXSmIA
Vu2X6TGdzow14y83ANZL6Xj8fXyeWEE+gxIhiKEyFVvMjyS9lv3jHXyh/SMXZyjs
AnJQZFlQQ17Ln0WY95MogxPYFR2kZA6XOnxXev4Adz+Tj5uYC+aDrMgsYWhOob4I
r7XFzUD3Rt+2MDZH1frZmPMfOs+SZ8Pjlntb5kKvRbgjzhjpHLWiM2AFik0+IiUu
Tl3drK3chkiQhGa5NNbP8qPTDYeRJ5isRjoTTme+B7td/HJ7vwDuLVn5YXYcMopz
PyRCxqq6zwPQSg==
=i+d+
-----END PGP SIGNATURE-----