Your message dated Thu, 30 Mar 2017 18:23:42 +0000
with message-id <[email protected]>
and subject line Bug#857342: fixed in tnef 1.4.12-1.1
has caused the Debian Bug report #857342,
regarding tnef: tnef in version 1.4.9-1+deb8u1 is unable to extract from 
winmail.dat
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
857342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857342
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tnef

Version: 1.4.9-1+deb8u1
Severity: normal

After the security update to version 1.4.9-1+deb8u1, tnef is unable to extract
a file that was working before the update.

I'm using the command (file attached):

tnef --list /tmp/winmail.dat-c8BSWz

and I get (strace attached):

tnef: mapi_attr.c:233: mapi_attr_read: Assertion
`(idx+(a->names[i].len*2)) <= len' failed.
Przerwane


After downgrading to version tnef-1.4.9-1, extraction works fine.



-- System Information:
Debian Release: 8.7
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-040900-generic (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to pl_PL.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages tnef depends on:
ii  libc6  2.19-18+deb8u7

Versions of packages tnef recommends:
ii  mime-support  3.58

tnef suggests no packages.

-- no debconf information


Attachment: winmail.dat-c8BSWz
Description: Binary data

2977  execve("/usr/bin/tnef", ["tnef", "--list", "/tmp/winmail.dat-c8BSWz"], 
[/* 15 vars */]) = 0
2977  brk(0)                            = 0x1643000
2977  access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
2977  mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fe444260000
2977  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
2977  open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
2977  fstat(3, {st_mode=S_IFREG|0644, st_size=37190, ...}) = 0
2977  mmap(NULL, 37190, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fe444256000
2977  close(3)                          = 0
2977  access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
2977  open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
2977  read(3, 
"\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
2977  fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0
2977  mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) 
= 0x7fe443c97000
2977  mprotect(0x7fe443e38000, 2097152, PROT_NONE) = 0
2977  mmap(0x7fe444038000, 24576, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7fe444038000
2977  mmap(0x7fe44403e000, 14880, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe44403e000
2977  close(3)                          = 0
2977  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fe444255000
2977  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fe444254000
2977  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fe444253000
2977  arch_prctl(ARCH_SET_FS, 0x7fe444254700) = 0
2977  mprotect(0x7fe444038000, 16384, PROT_READ) = 0
2977  mprotect(0x7fe444262000, 4096, PROT_READ) = 0
2977  munmap(0x7fe444256000, 37190)     = 0
2977  brk(0)                            = 0x1643000
2977  brk(0x1664000)                    = 0x1664000
2977  open("/tmp/winmail.dat-c8BSWz", O_RDONLY) = 3
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fe44425f000
2977  read(3, 
"x\237>\"\354i\1\6\220\10\0\4\0\0\0\0\0\1\0\1\0\1\7\220\6\0\10\0\0\0\344\4"..., 
4096) = 4096
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  lseek(3, 0, SEEK_CUR)             = 4096
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  fstat(3, {st_mode=S_IFREG|0666, st_size=38632, ...}) = 0
2977  read(3, "></o:p></span></p><p class=MsoNo"..., 4096) = 4096
2977  read(3, 
"\0\0\0\0F\0\0\0\0\6\205\0\0\0\0\0\0\37\0007\0\1\0\0\0\216\0\0\0R\0E"..., 4096) 
= 4096
2977  write(2, "tnef: mapi_attr.c:233: mapi_attr"..., 92) = 92
2977  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 
= 0x7fe44425e000
2977  rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
2977  gettid()                          = 2977
2977  tgkill(2977, 2977, SIGABRT)       = 0
2977  --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=2977, si_uid=0} 
---
2977  +++ killed by SIGABRT (core dumped) +++

--- End Message ---
--- Begin Message ---
Source: tnef
Source-Version: 1.4.12-1.1

We believe that the bug you reported is fixed in the latest version of
tnef, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated tnef package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Mar 2017 19:03:02 +0200
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.12-1.1
Distribution: sid
Urgency: medium
Maintainer: Kevin Coyner <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
 tnef       - Tool to unpack MIME application/ms-tnef attachments
Closes: 856117 857342
Changes:
 tnef (1.4.12-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
   * while fixing the CVEs, upstream introduced a regression
     fix-regression-1.patch and fix-regression-2.patch take care of
     that (Closes: #857342)
   * CVE-2017-6307
     An issue was discovered in tnef before 1.4.13. Two OOB Writes have
     been identified in src/mapi_attr.c:mapi_attr_read(). These might
     lead to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6308
     An issue was discovered in tnef before 1.4.13. Several Integer
     Overflows, which can lead to Heap Overflows, have been identified
     in the functions that wrap memory allocation.
   * CVE-2017-6309
     An issue was discovered in tnef before 1.4.13. Two type confusions
     have been identified in the parse_file() function. These might lead
     to invalid read and write operations, controlled by an attacker.
   * CVE-2017-6310
     An issue was discovered in tnef before 1.4.13. Four type confusions
     have been identified in the file_add_mapi_attrs() function.
     These might lead to invalid read and write operations, controlled
     by an attacker.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
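
The failed assertion in the report compares `idx + names[i].len*2` with `len`, and the CVE-2017-6308 entry concerns integer overflow in allocation wrappers. The following is an added example, not tnef's code and not part of either message: it shows both checks written so that the arithmetic cannot wrap and malformed input is rejected with an error instead of an abort. The record layout (a 32-bit little-endian character count followed by UTF-16LE code units) and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocation wrapper: refuse count*size products that wrap size_t. */
void *checked_calloc(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size) return NULL;
    return calloc(count, size);
}

/* Read a little-endian 32-bit character count at *idx, then that many UTF-16LE
 * code units. Returns 0 and a heap copy in *out, or -1 on malformed input. */
int read_name(const uint8_t *buf, size_t len, size_t *idx, uint16_t **out, uint32_t *n)
{
    if (*idx > len || len - *idx < 4) return -1;   /* no room for the count */
    const uint8_t *p = buf + *idx;
    uint32_t cnt = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    size_t pos = *idx + 4;
    /* Same condition as idx + cnt*2 <= len, rearranged so nothing can wrap. */
    if (cnt > (len - pos) / 2) return -1;
    uint16_t *name = checked_calloc((size_t)cnt + 1, sizeof *name);
    if (name == NULL) return -1;
    for (size_t i = 0; i < cnt; i++)
        name[i] = (uint16_t)(buf[pos + 2 * i] | buf[pos + 2 * i + 1] << 8);
    *idx = pos + (size_t)cnt * 2;
    *out = name; *n = cnt;
    return 0;
}

/* Constructed samples: "hi" with count 2; count 0x80000001, whose doubling
 * wraps to 2 in 32-bit arithmetic, followed by only 2 payload bytes. */
const uint8_t SAMPLE_OK[]  = {2, 0, 0, 0, 'h', 0, 'i', 0};
const uint8_t SAMPLE_BAD[] = {1, 0, 0, 0x80, 'h', 0};

/* Character count of the first name in buf, or -1 if the record is rejected. */
long name_len(const uint8_t *buf, size_t len)
{
    size_t idx = 0; uint16_t *name; uint32_t n;
    if (read_name(buf, len, &idx, &name, &n) != 0) return -1;
    free(name);
    return (long)n;
}

int main(void)
{
    printf("%ld %ld\n", name_len(SAMPLE_OK, sizeof SAMPLE_OK), name_len(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```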
