Your message dated Mon, 12 Jun 2017 18:02:22 +0000
with message-id <[email protected]>
and subject line Bug#862442: fixed in tnef 1.4.9-1+deb8u3
has caused the Debian Bug report #862442,
regarding tnef: CVE-2017-8911: integer underflow in unicode_to_utf8
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
862442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862442
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tnef
Version: 1.4.12-1.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/verdammelt/tnef/issues/23
Hi,
the following vulnerability was published for tnef.
CVE-2017-8911[0]:
| An integer underflow has been identified in the unicode_to_utf8()
| function in tnef 1.4.14. This might lead to invalid write operations,
| controlled by an attacker.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8911
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8911
[1] https://github.com/verdammelt/tnef/issues/23
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tnef
Source-Version: 1.4.9-1+deb8u3
We believe that the bug you reported is fixed in the latest version of
tnef, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated tnef package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 May 2017 15:03:02 +0200
Source: tnef
Binary: tnef
Architecture: source amd64
Version: 1.4.9-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Kevin Coyner <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
tnef - Tool to unpack MIME application/ms-tnef attachments
Closes: 862442
Changes:
tnef (1.4.9-1+deb8u3) jessie-security; urgency=high
.
* Non-maintainer upload by the Wheezy LTS Team.
* CVE-2017-8911 (Closes: #862442)
An integer underflow has been identified in the unicode_to_utf8()
function in tnef 1.4.14. This might lead to invalid write
operations, controlled by an attacker.
Checksums-Sha1:
aa6d113bfae4f8f04da35978c9c2b669557dcd84 1884 tnef_1.4.9-1+deb8u3.dsc
d42ccbe3d41e797fb4133f2e01120680101e8782 3952575 tnef_1.4.9.orig.tar.gz
1214174f0d7d5fa6409e511262a516314eeb6e9a 7248 tnef_1.4.9-1+deb8u3.debian.tar.xz
d368e2a9fe77021a12f4949d71267b859d896a63 48066 tnef_1.4.9-1+deb8u3_amd64.deb
Checksums-Sha256:
84bc6fe7224c3b7f4ca71996405fa750122f7255c4d054253bb6a4f2897a2330 1884
tnef_1.4.9-1+deb8u3.dsc
c4d64ec48f79681a11ee45b38c6b2177ce2d0a8c8f99733e90d462bd27eee6af 3952575
tnef_1.4.9.orig.tar.gz
edfa164182caec008c08d7378e630fb83473c96bc4d0698ca1aea09ff7dad490 7248
tnef_1.4.9-1+deb8u3.debian.tar.xz
5d063045886feec721c2470cd6e7f332a0d0883a4c770f2073acdc535fe51352 48066
tnef_1.4.9-1+deb8u3_amd64.deb
Files:
efa5fcccfc0284dcfdc93867aebfe9a8 1884 text optional tnef_1.4.9-1+deb8u3.dsc
83a3a8fe0c15c9bbe2a8dae74c46b761 3952575 text optional tnef_1.4.9.orig.tar.gz
21b000e1aeffbbda48a2842c3200b440 7248 text optional
tnef_1.4.9-1+deb8u3.debian.tar.xz
700ebfd94d50fb3804adca7c0e682bca 48066 text optional
tnef_1.4.9-1+deb8u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlku8X5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR2AIEACj3hNomMMI7ZV7+omqzKmPI3Jse/2R
mRhHlHyxkgyQs3HXEWIqqyBt2nBWS3ejJijYFQOHsThaQosOhCxqg1jvNSgNmi32
q3sWY2X9s2bK5WIEr+MribTJ/MBd1JE1NEdGD/INL4rlf39Tu3S1VhWXJpLo2BVF
4OYFg/VMrlJirnLrXjt6mma7Mc/OethSSl6bBhk+Hnv2vvNiGHJOFU2zhvLA+UA1
BYJAOEUOv2CPZvnZrtPT4T6wukPyCaCEbLlDWdI1U58q1lIMAhxgEt+w07ylHk88
5BdTc8jFHJIACs5X7OChxgsvCvEM1fKjOwdIMImjdUHN1JmSiypRN6rVA3wmwKU0
y9hNCT0QpaABnrHgjwaMkT8VZQ0Cw8hxidQMA3iKK9VYbpNoape1tpLGBvbjjoGg
9wdFu6mJoGhdGOY19US/9214XdP4pa9/tvzTOJ195Eww363UPhwfXl0sDQbDjgyN
ayBoCuwIUXV3Ra/Drif4y9eTNQIDskbmUimJuWpXFhYqlyx7A2j7y6WZS10TEblS
e/60cjRih5mDFMPU9XQ4J3ipqHnpzMnfwvbw5uKYWL/dKulGUduIGOgPC5tHBMmh
4qlQmAo2Yqr+3MHmsSMndJBQ5fJFJSTafdjwD+9NBEcjrIIG1nNdxnOMzWZ8sPNn
IwjDqr9cmvvTBg==
=UdB2
-----END PGP SIGNATURE-----
--- End Message ---
