Hi, I implemented those fixes to libytnef. Yeraze has just released 1.9.3 so I'm interested to see if/when it will make it to Ubuntu, and to which releases.
The ytnef and ytnefprint binaries just call libytnef, both the wrong and the right fixes to CVE-2017-9068 are definitely part of the library, so I would say that trusty is most likely affected. There are also several other equally severe CVEs which have been reported and fixed since version 1.5.
Hi, I implemented those fixes to libytnef. Yeraze has just released 1.9.3 so I'm interested to see if/when it will make it to Ubuntu, and to which releases.
The ytnef and ytnefprint binaries just call libytnef, both the wrong and the right fixes to CVE-2017-9068 are definitely part of the library, so I would say that trusty is most likely affected. There are also several other equally severe CVEs which have been reported and fixed since version 1.5.