CVE-2017-6306 in Ubuntu

CVE-2017-6306

Priority

Description

An issue was discovered in ytnef before 1.9.1. This is related to a patch
described as "9 of 9. Directory Traversal using the filename;
SanitizeFilename function in settings.c."

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306
https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
http://www.openwall.com/lists/oss-security/2017/02/15/4
https://github.com/Yeraze/ytnef/pull/27
https://usn.ubuntu.com/usn/usn-3288-1

Notes

Package

Source: libytnef (LP Ubuntu Debian)

Upstream:	released (1.9.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [1.5-6ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (1.9.1-1)
Ubuntu 20.04 LTS (Focal Fossa):	not-affected (1.9.1-1)
Ubuntu 20.10 (Groovy Gorilla):	not-affected (1.9.1-1)

Patches:

Upstream:

https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910

More Information

Updated: 2020-10-24 06:42:35 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)