Control: tags -1 + confirmed On Tue, 2017-07-25 at 22:50 +0800, James Lu wrote: > I've prepared an update to gnome-exe-thumbnailer which includes two changes > backported from the 0.9.5 release: > > 1) Migrating away from insecure Wine+VBScript based parsing of .msi files to > msitools, as part of the fix for CVE-2017-11421[1] (VBScript code injection > via > filenames containing code). This issue was marked no-dsa, so I'm sending the > update here instead. I also adjusted the dependencies to add msitools, but > IIRC > this means that users upgrading will need to run dist-upgrade (if such a > change > is too disruptive, I will probably look at disabling version info for .msi > files entirely). > > 2) Fix readability of version labels by using a dark background colour. > Previously, the version label exe-thumbnailer adds to generated thumbnails > used > a transparent background, which shows up as white text on white with a default > configuration. > > [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421
Please go ahead. Regards, Adam
