0ddb5cb233
The changes in patch-ytnef.c has been applied upstream. patch-ytnef.c has now been removed. Changes from Changelog: v1.9.2 - February 23, 2017 Thanks to @hannob for finding some Out-of-bound exceptions in memory handline. * [SECURITY] An invalid memory access (heap overrun) in handling LONG datatypes (CVE-2017-6800) * [SECURITY] Missing a check for fields of size 0 (CVE-2017-6801) * [SECURITY] Potential buffer overrun on incoming Compressed RTF Streams (CVE-2017-6802) This version & the previous 1.9.1 resolves the following CVEs: * CVE-2017-6306 * CVE-2017-6305 * CVE-2017-6304 * CVE-2017-6303 * CVE-2017-6302 * CVE-2017-6301 * CVE-2017-6300 * CVE-2017-6299 * CVE-2017-6298 v1.9.1 - Feb 14, 2017 * BugFix for path handling- label both / and \ as invalid characters inattachments * Remove lots of exit(-1)'s from the code that would crash calling programs * [SECURITY] Thanks to EricSesterhennX41 for a patch to fix lots of invalid memory allocation around corrupted files. v1.9 - January 2, 2017 * Unify libytnef and ytnef tools into a single build & package (Thanks @jmallach) * Fix applied for CVE-2010-5109 * Various fixes for errors found via Static Analysis (cppcheck) * Various memory leaks plugged (Thanks @slonik-v-domene) * Bugfix for a broken "uniqueness" checker * Lots of formatting & documentation cleanups Now that the two packages are unified into a single install & build, I've had to choose a unifier of Version Numbers. I chose 1.9 . |
||
---|---|---|
.. | ||
patch-ytnef_Makefile.am | ||
patch-ytnefprint_Makefile.am |