CVE-2017-12144 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144): In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. https://github.com/Yeraze/ytnef/issues/51 https://somevulnsofadlab.blogspot.ca/2017/07/ytnefallocation-failed-in-tneffillmapi.html CVE-2017-12142 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142): In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. https://github.com/Yeraze/ytnef/issues/49 https://somevulnsofadlab.blogspot.ca/2017/07/ytnefinvalid-memory-read-in-swapdword.html CVE-2017-12141 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141): In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. https://github.com/Yeraze/ytnef/issues/50 https://somevulnsofadlab.blogspot.ca/2017/07/ytnefheap-buffer-overflow-in.html
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd0f6d34271b64a12b8be31378a2b58610e60a8f commit bd0f6d34271b64a12b8be31378a2b58610e60a8f Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-07-23 09:45:43 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-07-23 09:45:43 +0000 net-mail/ytnef: Security bump to version 1.9.3 This fixes the following CVEs: CVE-2017-9470 CVE-2017-9471 CVE-2017-9474 CVE-2017-9058 CVE-2017-12142 CVE-2017-12141 CVE-2017-12144 Bug: https://bugs.gentoo.org/626858 Closes: https://bugs.gentoo.org/619156 Package-Manager: Portage-2.3.43, Repoman-2.3.10 net-mail/ytnef/Manifest | 1 + net-mail/ytnef/ytnef-1.9.3.ebuild | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+)
amd64 stable
x86 stable
Stable on alpha.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=492d0d0db7b3f0ca9564d5be3042a781151152f8 commit 492d0d0db7b3f0ca9564d5be3042a781151152f8 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-09-13 14:36:46 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-09-13 14:36:46 +0000 net-mail/ytnef: Security cleanup. Bug: https://bugs.gentoo.org/626858 Package-Manager: Portage-2.3.49, Repoman-2.3.10 net-mail/ytnef/Manifest | 1 - net-mail/ytnef/ytnef-1.9.2.ebuild | 21 --------------------- 2 files changed, 22 deletions(-)