Your message dated Thu, 30 Mar 2017 18:23:42 +0000
with message-id <e1ctejw-0009dw...@fasolo.debian.org>
and subject line Bug#856117: fixed in tnef 1.4.12-1.1
has caused the Debian Bug report #856117,
regarding tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
856117: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856117
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tnef
Version: 1.4.9-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerabilities were published for tnef.
CVE-2017-6307[0]:
| An issue was discovered in tnef before 1.4.13. Two OOB Writes have been
| identified in src/mapi_attr.c:mapi_attr_read(). These might lead to
| invalid read and write operations, controlled by an attacker.
CVE-2017-6308[1]:
| An issue was discovered in tnef before 1.4.13. Several Integer
| Overflows, which can lead to Heap Overflows, have been identified in
| the functions that wrap memory allocation.
CVE-2017-6309[2]:
| An issue was discovered in tnef before 1.4.13. Two type confusions have
| been identified in the parse_file() function. These might lead to
| invalid read and write operations, controlled by an attacker.
CVE-2017-6310[3]:
| An issue was discovered in tnef before 1.4.13. Four type confusions
| have been identified in the file_add_mapi_attrs() function. These might
| lead to invalid read and write operations, controlled by an attacker.
All of those are fixed in 1.4.13.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6307
[1] https://security-tracker.debian.org/tracker/CVE-2017-6308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6308
[2] https://security-tracker.debian.org/tracker/CVE-2017-6309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6309
[3] https://security-tracker.debian.org/tracker/CVE-2017-6310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6310
Regards,
Salvatore
-- System Information:
Debian Release: 9.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: tnef
Source-Version: 1.4.12-1.1
We believe that the bug you reported is fixed in the latest version of
tnef, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated tnef package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Wed, 29 Mar 2017 19:03:02 +0200
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.12-1.1
Distribution: sid
Urgency: medium
Maintainer: Kevin Coyner <kcoy...@debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description:
tnef - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117 857342
Changes:
tnef (1.4.12-1.1) unstable; urgency=medium
.
* Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
* While fixing the CVEs, upstream introduced a regression;
fix-regression-1.patch and fix-regression-2.patch take care of
that (Closes: #857342)
* CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have
been identified in src/mapi_attr.c:mapi_attr_read(). These might
lead to invalid read and write operations, controlled by an attacker.
* CVE-2017-6308
An issue was discovered in tnef before 1.4.13. Several Integer
Overflows, which can lead to Heap Overflows, have been identified
in the functions that wrap memory allocation.
* CVE-2017-6309
An issue was discovered in tnef before 1.4.13. Two type confusions
have been identified in the parse_file() function. These might lead
to invalid read and write operations, controlled by an attacker.
* CVE-2017-6310
An issue was discovered in tnef before 1.4.13. Four type confusions
have been identified in the file_add_mapi_attrs() function.
These might lead to invalid read and write operations, controlled
by an attacker.
--- End Message ---