tnef (1.4.12-1.1) zesty; urgency=medium

  * Non-maintainer upload by the Wheezy LTS Team. (Closes: #856117)
  * while fixing the CVEs, upstream introduced a regression
    fix-regression-1.patch and fix-regression-2.patch take care of
    that (Closes: #857342)
  * CVE-2017-6307
    An issue was discovered in tnef before 1.4.13. Two OOB Writes have
    been identified in src/mapi_attr.c:mapi_attr_read(). These might
    lead to invalid read and write operations, controlled by an attacker.
  * CVE-2017-6308
    An issue was discovered in tnef before 1.4.13. Several Integer
    Overflows, which can lead to Heap Overflows, have been identified
    in the functions that wrap memory allocation.
  * CVE-2017-6309
    An issue was discovered in tnef before 1.4.13. Two type confusions
    have been identified in the parse_file() function. These might lead
    to invalid read and write operations, controlled by an attacker.
  * CVE-2017-6310
    An issue was discovered in tnef before 1.4.13. Four type confusions
    have been identified in the file_add_mapi_attrs() function.
    These might lead to invalid read and write operations, controlled
    by an attacker.

 -- Thorsten Alteholz <email address hidden>  Wed, 29 Mar 2017 19:03:02 +0200
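
The bug class named under CVE-2017-6308 (an integer overflow inside an allocation wrapper that yields an undersized heap buffer), shown as an added example beside a checked wrapper. This is not tnef's source or the upstream patch; `struct record`, `unchecked_alloc_size`, `checked_alloc` and `load_records` are hypothetical names, and the record count is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type; its count comes from an untrusted length field. */
struct record { uint32_t type; uint32_t len; unsigned char data[24]; };

/* Size computation as an unchecked wrapper performs it: the product is
 * taken in size_t and wraps silently past SIZE_MAX. */
static size_t unchecked_alloc_size(size_t count, size_t size)
{
    return count * size;
}

/* Hardened wrapper: reject a request whose byte count is not representable
 * instead of returning a buffer shorter than the caller believes. */
static void *checked_alloc(size_t count, size_t size)
{
    void *p;
    if (count == 0 || size == 0 || count > SIZE_MAX / size)
        return NULL;
    p = malloc(count * size);
    if (p != NULL)
        memset(p, 0, count * size);
    return p;
}

/* Returns 0 and sets *out on success, -1 if the request is rejected. */
static int load_records(size_t count, struct record **out)
{
    struct record *r = checked_alloc(count, sizeof *r);
    if (r == NULL)
        return -1;
    *out = r;
    return 0;
}

int main(void)
{
    size_t hostile = SIZE_MAX / sizeof(struct record) + 2; /* constructed input */
    struct record *r = NULL;
    printf("unchecked size for %zu records: %zu bytes\n",
           hostile, unchecked_alloc_size(hostile, sizeof(struct record)));
    printf("checked wrapper: %s\n", load_records(hostile, &r) ? "rejected" : "allocated");
    free(r);
    return 0;
}
```

With the constructed count, the unchecked product wraps to the size of a single record, which is the mismatch between allocated and assumed length that turns into a heap overflow on the first write past it.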