Thank you for this notice.
I have checked for no duplicate bug.
Assigning to DavidG as latest committer; CC Stig as having done it before.
No registered maintainer.
Done for mga7!
Saving advisory for the moment...David, it needs to be updated in Cauldron also.
Updated tnef package fixes security vulnerability:
In tnef, an attacker may be able to write to the victim's .ssh/authorized_keys
file via an e-mail message with a crafted winmail.dat application/ms-tnef
attachment, because of a heap-based buffer over-read involving strdup
Updated packages in core/updates_testing:
tnef security update CVE-2019-18849 =>
tnef new security issue CVE-2019-18849Version:
Already updated in Cauldron!
Yes I see. Sophie is outdated.
QA, advisory and package in Comment 3.
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to bug 20343 for a testfile, then at CLI
$ tnef -v winmail.dat
zappa_av1.jpg | zappa_av1.jpg | unknown |
bookmark.htm | bookmark.htm | unknown |
The Picture shows OK and I could import the bookmarks into Firefox
OK for me
An update for this issue has been pushed to the Mageia Updates repository.