Your message dated Mon, 29 May 2017 15:24:39 +0000 with message-id <e1dfmx9-000e4f...@fasolo.debian.org> and subject line Bug#862442: fixed in tnef 1.4.12-1.2 has caused the Debian Bug report #862442, regarding tnef: CVE-2017-8911: integer underflow in unicode_to_utf8 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 862442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862442 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: tnef Version: 1.4.12-1.1 Severity: important Tags: security upstream Forwarded: https://github.com/verdammelt/tnef/issues/23 Hi, the following vulnerability was published for tnef. CVE-2017-8911[0]: | An integer underflow has been identified in the unicode_to_utf8() | function in tnef 1.4.14. This might lead to invalid write operations, | controlled by an attacker. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8911 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8911 [1] https://github.com/verdammelt/tnef/issues/23 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: tnef Source-Version: 1.4.12-1.2 We believe that the bug you reported is fixed in the latest version of tnef, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 862...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thorsten Alteholz <deb...@alteholz.de> (supplier of updated tnef package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 29 May 2017 15:03:02 +0200 Source: tnef Binary: tnef Architecture: source amd64 Version: 1.4.12-1.2 Distribution: sid Urgency: medium Maintainer: Kevin Coyner <kcoy...@debian.org> Changed-By: Thorsten Alteholz <deb...@alteholz.de> Description: tnef - Tool to unpack MIME application/ms-tnef attachments Closes: 862442 Changes: tnef (1.4.12-1.2) unstable; urgency=medium . * Non-maintainer upload by the Wheezy LTS Team. (Closes: #862442) * CVE-2017-8911 An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. Checksums-Sha1: fe4e396d1e94ca3e8a22d12ab721f987613f057d 1884 tnef_1.4.12-1.2.dsc 1e6cb8a267157f9ee7696ef8fc4c602e40cb2902 8463407 tnef_1.4.12.orig.tar.gz c27b91e350152dc06d523281ddb39baa261ea22a 7380 tnef_1.4.12-1.2.debian.tar.xz f6abe59353af2a36484f05221090e25dd61aeb73 53494 tnef-dbgsym_1.4.12-1.2_amd64.deb 7bea685667a11ffd0537a41e56d68226de12ccb4 5792 tnef_1.4.12-1.2_amd64.buildinfo f7b16a73aa8d68a2f37057f1cfc23813239af110 42432 tnef_1.4.12-1.2_amd64.deb Checksums-Sha256: 520449bdf8a10d7e8373df7c6bfa3c10ee0ba23f64fdea0d0ffc9d44435b84ba 1884 tnef_1.4.12-1.2.dsc f7dea4c806d2263948ed027dbb8c593191f321b79c73816bb5608c957bc70254 8463407 tnef_1.4.12.orig.tar.gz 203994e6fe84fe1454e8e93e440cfe38bc8615bd78773f2f29883ab65c61c546 7380 tnef_1.4.12-1.2.debian.tar.xz a820062ab3908ac8992595f2c48ba69ea200377bde429258d4cccbd020abff11 53494 tnef-dbgsym_1.4.12-1.2_amd64.deb 8d972a35590e4693ba711b7755eda1fe64cdc7683fd70252c1837825f916485e 5792 tnef_1.4.12-1.2_amd64.buildinfo 4e59c945851e144efd471a306b81f89f1da1e379a6f8e5244400f4599409e25a 42432 tnef_1.4.12-1.2_amd64.deb Files: 14b2ab5d0c32a43e0dbe094298d71b3c 1884 text optional tnef_1.4.12-1.2.dsc 59d96464d8aa10349c02ca1edd47f0ac 8463407 text optional tnef_1.4.12.orig.tar.gz cd3ca26f77e916f98b45601bd7186988 7380 text optional tnef_1.4.12-1.2.debian.tar.xz 128999d70dd113e20de6a8ef69c55c69 53494 debug extra tnef-dbgsym_1.4.12-1.2_amd64.deb b4443b62eade10786bffbac6de5ffef7 5792 text optional tnef_1.4.12-1.2_amd64.buildinfo d7897556350def3eca0810cdd7ec592d 42432 text optional tnef_1.4.12-1.2_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlksKlRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR+7pD/9YuOER6gGOfAbcOpw+wud+E5My4ATo jnHNAniI8I3duh5FHaGgfl1nAVRWnXchGMaWMC9CizCZne99HYERt/FySG7qCBES HHpxYcZJnWSK2Y1rMiTClD+//ieBG+i6b3tVDY5VSrP3vvOGWZDEA1jK6lUQnaxK SLX440FRJw/KZM5kMDeDCSCj4ksu984vrW9ElAQKpcoY+o4LSkX1r1qdEOF/hdw0 aHPiOKK3bYPlBqwE0uw19WnKjQ4tJheOGK9sqimDmxM9MTjhfFk57jM7kISgohns v4w91GsZK7iAo1KiYSSI7oX51QMpD2bq9si5Hna/Z033aVU7Kd+N3qph6tw3PRqg v3za23PMa1vtcOv3lEj+0UeE4qSJnnrtCyhNchE5AeNpVzowh0hZCMovfo1iyuNS itTyLZF9TNFJlX3PtOKp7yInQqIJRgrmryGnr/OpYXYSab6AT80fO5KyKBGCMkeh 3j0uzX014i8gCq7doHHGT55v7xOZmjvIjr81RSY3ctY6HwoJt5ItOIy45Qn54uPi adBYzHnOQVey4BkClh6QWzDqkGyVbPKB5JTPMd/igW7xLe2RMStlQP4UkR3PyO1j nB7KJbqnm7zzjCXO/WmjlL6kVBECrJwx+mrPVxJc8j+UdH4brqeGB95XertIjmKs pXpM/X4wl+5Wow== =XWFn -----END PGP SIGNATURE-----
--- End Message ---
