Re: [pkg-wine-party] Proposed security update for gnome-exe-thumbnailer

2017-07-18 Thread James Lu
Hi all, I'll admit that my initial guess of the bug's severity was a bit rushed. Upon thinking about it more, I do feel that this bug /could/ be reliably exploited. I have these thoughts in particular: 1) I can think of a few ways that a strangely named file with code inside it could make its

Re: [pkg-wine-party] Upload for gnome-exe-thumbnailer 0.9.5-1

2017-07-18 Thread James Lu
Hi Stephen, I've added the LP mention in Git and will wait for the CVE assignment. Best, James On 18/07/17 03:49 PM, Stephen Kitt wrote: > Hi James, > > On 18/07/2017 02:40, James Lu wrote: >> I've prepared gnome-exe-thumbnailer 0.9.5-1 and uploaded it to mentors: >>

Re: [pkg-wine-party] Upload for gnome-exe-thumbnailer 0.9.5-1

2017-07-18 Thread Stephen Kitt
Hi James, On 18/07/2017 02:40, James Lu wrote: I've prepared gnome-exe-thumbnailer 0.9.5-1 and uploaded it to mentors: https://mentors.debian.net/package/gnome-exe-thumbnailer. The packaging is also in the pkg-wine Git repository. Thanks, the package looks good. It’s probably worth waiting

[pkg-wine-party] Processed: tagging 868705

2017-07-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 868705 + sid buster stretch Bug #868705 [gnome-exe-thumbnailer] gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript Added tag(s) sid, stretch, and buster. > thanks Stopping processing here. Please contact

Re: [pkg-wine-party] Proposed security update for gnome-exe-thumbnailer

2017-07-18 Thread Stephen Kitt
Hi, James, thanks for taking care of this! On 18/07/2017 03:54, James Lu wrote: On 18/07/17 09:46 AM, James Lu wrote: Earlier today I received a bug report about a VBScript injection issue in gnome-exe-thumbnailer through specially crafted filenames. The Debian bug is at

[pkg-wine-party] Bug#868705: marked as done (gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for MSI files executes arbitrary VBScript)

2017-07-18 Thread Debian Bug Tracking System
Your message dated Tue, 18 Jul 2017 19:51:04 + with message-id and subject line Bug#868705: fixed in gnome-exe-thumbnailer 0.9.5-1 has caused the Debian Bug report #868705, regarding gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for MSI

[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

2017-07-18 Thread Salvatore Bonaccorso
Control: retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for MSI files executes arbitrary VBScript Hi CVE-2017-11421 has been assigned for this issue. Regards, Salvatore

[pkg-wine-party] Processed: Re: Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

2017-07-18 Thread Debian Bug Tracking System
Processing control commands: > retitle -1 gnome-exe-thumbnailer: CVE-2017-11421: Thumbnail generation for > MSI files executes arbitrary VBScript Bug #868705 [gnome-exe-thumbnailer] gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript Changed Bug title to

[pkg-wine-party] Bug#868705: Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

2017-07-18 Thread Stephen Kitt
Hi Salvatore, On Tue, 18 Jul 2017 20:53:17 +0200, Salvatore Bonaccorso wrote: > CVE-2017-11421 has been assigned for this issue. Thanks, I’ve added that to the changelog and uploaded the package. Regards, Stephen

[pkg-wine-party] Processing of gnome-exe-thumbnailer_0.9.5-1_source.changes

2017-07-18 Thread Debian FTP Masters
gnome-exe-thumbnailer_0.9.5-1_source.changes uploaded successfully to localhost along with the files: gnome-exe-thumbnailer_0.9.5-1.dsc gnome-exe-thumbnailer_0.9.5.orig.tar.gz gnome-exe-thumbnailer_0.9.5-1.debian.tar.xz gnome-exe-thumbnailer_0.9.5-1_source.buildinfo Greetings,

[pkg-wine-party] Bug#868705: gnome-exe-thumbnailer: Thumbnail generation for MSI files executes arbitrary VBScript

2017-07-18 Thread Nils Dagsson Moskopp
Quote : > gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection > when generating thumbnails for MSI files, aka the "Bad Taste" > issue. There is a local attack if the victim uses the GNOME Files file > manager, and