From ${URL} : An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. Upstream bug: https://github.com/verdammelt/tnef/issues/23 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Now in tree https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4a7b478e32e5d06bda8624f0f4d40b2b0b1b307 @ Arches, please test and mark stable: =net-mail/tnef-1.4.15
CVE-2017-8911 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8911): An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
Added to an existing GLSA.
amd64 stable
x86 stable
ppc64 stable
ppc stable
Arches or maintainers please stabilize for hppa ASAP. Security will release GLSA for this in 7 days with or without hppa arch being stable.
This issue was resolved and addressed in GLSA 201708-02 at https://security.gentoo.org/glsa/201708-02 by GLSA coordinator Yury German (BlueKnight).
Re-Opening for hppa stabilization (please reference Bug #629554), and cleanup.
Slyfox, please stabilize the hppa or drop from stable. Holding up security and cleanup.
hppa stable
@Maintainers please proceed with cleanup. Thank you, Gentoo Security Padawan ChrisADR
cleanup done
Thank you all,
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c084b61e87507c04cf8da51d6dfba2831dac47d6 commit c084b61e87507c04cf8da51d6dfba2831dac47d6 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-06-16 19:21:21 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-16 19:26:24 +0000 net-mail/tnef: stable 1.4.15 for sparc Bug: https://bugs.gentoo.org/618658 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" net-mail/tnef/tnef-1.4.15.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
