This bug was fixed in the package gnome-exe-thumbnailer - 0.9.5-1
---------------
gnome-exe-thumbnailer (0.9.5-1) unstable; urgency=high

  [ Stephen Kitt ]
  * Fix the filename mangling in debian/watch.

  [ James Lu ]
  * New upstream release.
    - Switch to msitools' msiinfo for ProductVersion fetching, replacing the
      insecure VBScript-based parsing as described at
      http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
      (Closes: #868705; LP: #651610; CVE-2017-11421).
  * Add Enhances: caja, tumbler (>= 0.1.92~), nautilus, nemo
    These are some of the many file managers/thumbnailer programs that support
    desktop thumbnailers like exe-thumbnailer, and I have verified (at some
    point) that all of these work.
  * fallback-thumbnail-limit.patch: drop, applied upstream.
  * Bump Standards-Version to 4.0.0; no changes needed.
  * Add msitools to recommends; it is used to fetch .msi version info.

 -- James Lu <[email protected]>  Tue, 18 Jul 2017 08:18:48 +0800
** Changed in: gnome-exe-thumbnailer (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11421
https://bugs.launchpad.net/bugs/651610
Title:
Version number for .msi thumbnail is obtained from unreliable source
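The changelog above moves ProductVersion fetching to msitools' msiinfo. The following is an added example, not the project's own code. It sketches one way to read that field while treating the .msi as untrusted input. The function names, the version pattern and the sample tables are assumptions, as is the premise that `msiinfo export <file> Property` prints tab-separated rows.

```python
import os
import re
import subprocess

# Assumption: a usable ProductVersion is one to four dot-separated numeric fields.
VERSION_RE = re.compile(r"\d{1,5}(?:\.\d{1,5}){0,3}")


def product_version(property_table):
    """Return ProductVersion from an exported Property table, or None.

    The table comes from an untrusted file, so only an exact
    'ProductVersion' row holding a plain dotted number is accepted.
    """
    for line in property_table.splitlines():
        fields = line.split("\t")
        if len(fields) == 2 and fields[0] == "ProductVersion":
            value = fields[1].strip()
            return value if VERSION_RE.fullmatch(value) else None
    return None


def read_msi_version(path, timeout=5):
    """Run msiinfo with an argument list (no shell) and parse its output."""
    try:
        proc = subprocess.run(
            ["msiinfo", "export", os.path.abspath(path), "Property"],
            capture_output=True, timeout=timeout, check=True,
        )
    except (OSError, subprocess.SubprocessError):
        return None  # missing tool, timeout or parse failure: no version label
    return product_version(proc.stdout.decode("utf-8", "replace"))


# Constructed sample tables (tab-separated, CRLF line endings).
SAMPLE_OK = ("Property\tValue\r\ns72\tl0\r\nProperty\tProperty\r\n"
             "ProductName\tExample\r\nProductVersion\t1.2.3\r\n")
SAMPLE_BAD = "Property\tValue\r\nProductVersion\t1.0; x\r\n"

if __name__ == "__main__":
    print(product_version(SAMPLE_OK))
    print(product_version(SAMPLE_BAD))
```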