Accepted tnef 1.4.12-1.1 (source amd64) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Mar 2017 19:03:02 +0200
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.12-1.1
Distribution: sid
Urgency: medium
Maintainer: Kevin Coyner <kcoyner@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
tnef - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117 857342
Changes:
tnef (1.4.12-1.1) unstable; urgency=medium
.
* Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
* while fixing the CVEs, upstream introduced a regression
fix-regression-1.patch and fix-regression-2.patch take care of
that (Closes: #857342)
* CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have
been identified in src/mapi_attr.c:mapi_attr_read(). These might
lead to invalid read and write operations, controlled by an attacker.
* CVE-2017-6308
An issue was discovered in tnef before 1.4.13. Several Integer
Overflows, which can lead to Heap Overflows, have been identified
in the functions that wrap memory allocation.
* CVE-2017-6309
An issue was discovered in tnef before 1.4.13. Two type confusions
have been identified in the parse_file() function. These might lead
to invalid read and write operations, controlled by an attacker.
* CVE-2017-6310
An issue was discovered in tnef before 1.4.13. Four type confusions
have been identified in the file_add_mapi_attrs() function.
These might lead to invalid read and write operations, controlled
by an attacker.
Checksums-Sha1:
f0e29a533743811dc2e1f9af8d38f44c8351080a 1884 tnef_1.4.12-1.1.dsc
1e6cb8a267157f9ee7696ef8fc4c602e40cb2902 8463407 tnef_1.4.12.orig.tar.gz
8ab3d4bdaf61438ee14aabea9f80f8f4f12abff8 6960 tnef_1.4.12-1.1.debian.tar.xz
e6b0d09e2e4d52e9e5803ba2adf672c5f9492b09 53408 tnef-dbgsym_1.4.12-1.1_amd64.deb
fc0af99702d28da5969bb336530f4165908fdd84 5779 tnef_1.4.12-1.1_amd64.buildinfo
6c08d63b0cebc06107c2a02cd198f7d31ffd2cfa 42388 tnef_1.4.12-1.1_amd64.deb
Checksums-Sha256:
8492ee46872f307250d41c252e584eaf3d32f510ec38441569dc8ec8608b6db8 1884 tnef_1.4.12-1.1.dsc
f7dea4c806d2263948ed027dbb8c593191f321b79c73816bb5608c957bc70254 8463407 tnef_1.4.12.orig.tar.gz
771b4306cdfc3237fda90455b1c435c1f005bc021f5d180873baa5cd17310faa 6960 tnef_1.4.12-1.1.debian.tar.xz
35262cd7604f838d53bd3f10833a809869f37e7f3e585517ff573f51d529e9ac 53408 tnef-dbgsym_1.4.12-1.1_amd64.deb
74b6c567571f22eaaf32642f3d468de2e4090b9144648edb7d82c9861305a8f2 5779 tnef_1.4.12-1.1_amd64.buildinfo
e5d45325db23d10a5974d9c47a5c7e19979a01a0601c049889b7fd4e332c4acf 42388 tnef_1.4.12-1.1_amd64.deb
Files:
b80511f2c5b9189f47b7193b34cbeee3 1884 text optional tnef_1.4.12-1.1.dsc
59d96464d8aa10349c02ca1edd47f0ac 8463407 text optional tnef_1.4.12.orig.tar.gz
4c50a29e6cd252ce2f2e3067ab4133be 6960 text optional tnef_1.4.12-1.1.debian.tar.xz
e819556f30e499eaf7b8f6fd412a5623 53408 debug extra tnef-dbgsym_1.4.12-1.1_amd64.deb
c1fe21c7b86e266b2bbf73467e77df9a 5779 text optional tnef_1.4.12-1.1_amd64.buildinfo
05867ee7a6b60fd2f9255f3e372592b4 42388 text optional tnef_1.4.12-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAljdSMZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR3/fD/4rEtNNMSo8KOZ66r3m3rhMZkk5U4cd
ddc+4HuLUUTmKjKVQsAQ3a3eGWsXOJqna9BwPgkmnlw9/9mFFzyK+7pXmZWNOulu
vd4OwvQscmeVClvZHsuziUdSwe0VDTx2HJaSXaUSYy2+Ahp7Mf9Mmfh3hyuwN23e
TQpjaIMtCp1pyyE5qbbsTOqYTMphIqzz9FKvOeQHNOQqfSpNF8MUoHxcrqqJl9tE
obLSccXXe1ItUovIwJYVNx2+NSuK8Wt5QrqnnSSLLNa/eonOetqiZi3iH8KGF1GD
KWxHaXG/vID/UKvjFAo0TK6Tkw/9VR8Xb+3QztH2Wd0ZsYVSrG0ZxKbGFIoWfObU
QdQMU/st0uWex7XngDeNgzAusSFNhf5YYo6FNT+Ioq99BnzgjMriYm5XxZPpmPjr
feQVGlfXzj+EUjSXEL16njRsiJgoaNy2JxEzFRDLOrbZksFt9skW94udi9HFuzXC
PQ9crifi4Zo7BYe/lEPamqHbiRiEyIa5FzjFePUsjBi2FcYi98ZMbe82Is3Lz8DJ
3rDHmXc8TaNtMnmU228TH81YlhTyo8a9+0FTibGZ6SyUp4Tppp2XiUX5/Jsz49D2
w3JQZfbKA0aMCFNNe/GJYTeVUt97lgibXbvZVQr9eMUg9tBDo0tVqqBQYmgcivlT
Kvmyy58Z5NhknQ==
=V7lV
-----END PGP SIGNATURE-----