CVE-2019-18849 (https://nvd.nist.gov/vuln/detail/CVE-2019-18849): In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
Reference: https://github.com/verdammelt/tnef/pull/40 https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa778e19a5cb0e9158365fbfdc38b6bb3fe9c3b6 commit aa778e19a5cb0e9158365fbfdc38b6bb3fe9c3b6 Author: Sam James (sam_c) <sam@cmpct.info> AuthorDate: 2020-03-25 02:04:26 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 22:49:00 +0000 net-mail/tnef: Security bump to 1.4.18 Bug: https://bugs.gentoo.org/701816 Signed-off-by: Sam James (sam_c) <sam@cmpct.info> Closes: https://github.com/gentoo/gentoo/pull/15099 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-mail/tnef/Manifest | 1 + net-mail/tnef/tnef-1.4.18.ebuild | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+)
amd64 stable
ppc stable
sparc stable
x86 stable
ppc64 stable
Dropped to ~hppa as there are no stable revdeps.
@maintainer(s), please cleanup by dropping =net-mail/tnef-1.4.15.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8a92e36c939319b84743e4ea814547ba9fae090 commit a8a92e36c939319b84743e4ea814547ba9fae090 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-26 19:07:17 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-26 19:07:43 +0000 net-mail/tnef: security cleanup (bug #701816) Bug: https://bugs.gentoo.org/701816 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-mail/tnef/Manifest | 2 -- net-mail/tnef/tnef-1.4.15.ebuild | 23 ----------------------- net-mail/tnef/tnef-1.4.17.ebuild | 23 ----------------------- 3 files changed, 48 deletions(-)
GLSA Vote: No Repository is clean, all done!