[ James Lu ]
* SECURITY UPDATE: Arbitrary code execution (LP: #651610)
- debian/patches/switch-to-msiinfo.patch: Switch to msitools' msiinfo for
ProductVersion fetching, replacing the insecure VBScript-based parsing
- debian/control: Add msitools to recommends; it is now used to fetch .msi
version info.
- CVE-2017-11421
This bug was fixed in the package gnome-exe- thumbnailer - 0.9.4-2ubuntu0.1
--------------- thumbnailer (0.9.4-2ubuntu0.1) zesty-security; urgency=high
gnome-exe-
[ James Lu ] patches/ switch- to-msiinfo. patch: Switch to msitools' msiinfo for rsion fetching, replacing the insecure VBScript-based parsing
* SECURITY UPDATE: Arbitrary code execution (LP: #651610)
- debian/
ProductVe
- debian/control: Add msitools to recommends; it is now used to fetch .msi
version info.
- CVE-2017-11421
-- Tyler Hicks <email address hidden> Fri, 04 Aug 2017 00:07:05 +0000