Package: ktnef Version: 4:16.04.3-3 Severity: important Tags: patch Dear Maintainer,
from the KDE project security advisory: > A directory traversal issue was found in ktnef which can > be exploited by tricking a user into opening a malicious winmail.dat file. > The issue allows to write files with the permission of the user opening > the winmail.dat file during extraction. I forward the KDE project security advisory to the bug as soon as I got back bug number. Patch is at: https://commits.kde.org/ktnef/4ff38aa15487d69021aacad4b078500f77fb4ae8 Thank you, Martin -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.16-tp520+ (SMP w/4 CPU cores; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages ktnef depends on: ii kio 5.28.0-1 ii libc6 2.24-9 ii libkf5configcore5 5.28.0-1 ii libkf5configwidgets5 5.28.0-1 ii libkf5coreaddons5 5.28.0-1 ii libkf5dbusaddons5 5.28.0-1 ii libkf5i18n5 5.28.0-1 ii libkf5kiowidgets5 5.28.0-1 ii libkf5service-bin 5.28.0-1 ii libkf5service5 5.28.0-1 ii libkf5tnef5 16.04.2-1 ii libkf5widgetsaddons5 5.28.0-1 ii libkf5xmlgui5 5.28.0-1 ii libqt5core5a 5.7.1+dfsg-3+b1 ii libqt5gui5 5.7.1+dfsg-3+b1 ii libqt5widgets5 5.7.1+dfsg-3+b1 ii libstdc++6 7-20170221-1 ktnef recommends no packages. ktnef suggests no packages. -- no debconf information
