libytnef (1.5-4+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * Multiple Heap Overflows, out of bound writes and reads, NULL 
    pointer dereferences and infinite loops have been discovered 
    in ytnef 1.9 and earlier.
    These could be exploited by tricking a user into opening a 
    malicious winmail.dat file.
  * CVE-2017-6298
    Null Pointer Deref / calloc return value not checked
  * CVE-2017-6299
    Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c 
  * CVE-2017-6300
    Buffer Overflow in version field in lib/tnef-types.h
  * CVE-2017-6301
    Out of Bounds Reads
  * CVE-2017-6302
    Integer Overflow
  * CVE-2017-6303
    Invalid Write and Integer Overflow
  * CVE-2017-6304
    Out of Bounds read
  * CVE-2017-6305
    Out of Bounds read and write
  * CVE-2017-6801
    Out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef
  * CVE-2017-6802
    Heap-based buffer over-read on incoming Compressed RTF Streams, 
    related to DecompressRTF() in libytnef
 
 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 26 Mar 2017 18:03:02 +0100

libytnef (1.5-4) unstable; urgency=low

  * QA upload.
  * source/format, patches/series, patches/update_autofiles.patch
  - Switch to dpkg-source 3.0 (quilt) format 
  * debian/control
  - Bump Standards-Version to 3.9.2 (no other changes required)
  - Add sourceforge project URL as Homepage field
  - Add ${misc:Depends} to all binary packages (lintian)
  * debian/rules
  - Add recommended targets build-arch and build-indep (lintian)

 -- Ricardo Mones <mones@debian.org>  Tue, 20 Sep 2011 08:13:13 +0200

libytnef (1.5-3) unstable; urgency=low

  * QA upload.
  * Get rid of unneeded *.la files (Closes: #622540).

 -- Alessio Treglia <alessio@debian.org>  Sat, 04 Jun 2011 10:03:07 +0200

libytnef (1.5-2) unstable; urgency=low

  * Orphaning this package. Thanks for the NMUs!
  * Bump debhelper compat to 7 and Standards-Version to 3.8.3.
  * Make dependency between libytnef0-dev and libytnef0 more strict.

 -- Joshua Kwan <joshk@triplehelix.org>  Mon, 28 Sep 2009 10:13:48 -0700

libytnef (1.5-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * call dh_makeshlibs before calling dh_installdeb.
  * configure.ac: use AM_MAINTAINER_MODE.
  * autotools related files: regenerate. Closes: bug#342670, #536118.

 -- Aurelien Jarno <aurel32@debian.org>  Sun, 16 Aug 2009 21:10:48 +0200

libytnef (1.5-1) unstable; urgency=low

  * Initial release.

 -- Joshua Kwan <joshk@triplehelix.org>  Mon,  9 May 2005 20:31:56 -0700
