Your message dated Thu, 09 Mar 2017 23:20:53 +0000
with message-id <e1cm7mb-0008bf...@fasolo.debian.org>
and subject line Bug#856117: fixed in tnef 1.4.9-1+deb8u1
has caused the Debian Bug report #856117,
regarding tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
856117: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856117
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tnef
Version: 1.4.9-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for tnef.
CVE-2017-6307[0]:
| An issue was discovered in tnef before 1.4.13. Two OOB Writes have been
| identified in src/mapi_attr.c:mapi_attr_read(). These might lead to
| invalid read and write operations, controlled by an attacker.
CVE-2017-6308[1]:
| An issue was discovered in tnef before 1.4.13. Several Integer
| Overflows, which can lead to Heap Overflows, have been identified in
| the functions that wrap memory allocation.
CVE-2017-6309[2]:
| An issue was discovered in tnef before 1.4.13. Two type confusions have
| been identified in the parse_file() function. These might lead to
| invalid read and write operations, controlled by an attacker.
CVE-2017-6310[3]:
| An issue was discovered in tnef before 1.4.13. Four type confusions
| have been identified in the file_add_mapi_attrs() function. These might
| lead to invalid read and write operations, controlled by an attacker.
All of those are fixed in 1.4.13.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6307
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6307
[1] https://security-tracker.debian.org/tracker/CVE-2017-6308
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6308
[2] https://security-tracker.debian.org/tracker/CVE-2017-6309
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6309
[3] https://security-tracker.debian.org/tracker/CVE-2017-6310
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6310
Regards,
Salvatore
-- System Information:
Debian Release: 9.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: tnef
Source-Version: 1.4.9-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
tnef, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated tnef package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Feb 2017 19:03:02 +0100
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.9-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Kevin Coyner <kcoy...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
 tnef - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117
Changes:
 tnef (1.4.9-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---