Apologies for the late reply, I neglected to enable notifications...
No, I just meant that the unpatched Trusty package isn't safe just because it doesn't contain ytnef/ytnefprint binaries. You have it right, the single patch you mention will be enough to address CVE-2017-9058. It should replace this patch[1]. That will at least restore correct behaviour to the library.
However, this bug report mentions several vulnerabilities, and the patch only covers CVE-2017-9058. As you can see on the GitHub releases page[2], there have been many CVEs addressed in the past few releases. I don't know how feasible this is, but if possible I highly recommend upgrading to 1.9.3.
[1] https://sources.debian.org/patches/libytnef/1.9.2-2/CVE-2017-9058.patch/
[2] https://github.com/Yeraze/ytnef/releases