Hey Leonidas, Per this comment: https://github.com/Yeraze/ytnef/issues/45#issuecomment-392658096, if you download this example file https://bugs.mageia.org/attachment.cgi?id=9088, then run a version of ytnef with the patch from CVE-2017-9058 applied to it (e.g. libytnef0 1.9.2-2), you'll see the following:
> mjg@payens:~$ ytnef -v -f . ~/winmail.dat > Corrupted file detected at ytnef.c : 546 > zappa_av1.jpg In particular it doesn't successfully extract the file bookmark.htm from the example. What you should see instead is (this is running current yntef git master): > mjg@payens:~/local/src/ytnef$ ytnef/ytnef -v -f . ~/winmail.dat > Attempting to parse /home/mjg/Incoming/winmail.dat... > ./zappa_av1.jpg > ./bookmark.htm Does that help? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666884 Title: libytnef: February 2017 multiple vulnerabilities (X41-2017-002) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libytnef/+bug/1666884/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
