This bug was fixed in the package gnome-exe-thumbnailer -
0.9.4-2ubuntu0.1

---------------
gnome-exe-thumbnailer (0.9.4-2ubuntu0.1) zesty-security; urgency=high

  [ James Lu ]
  * SECURITY UPDATE: Arbitrary code execution (LP: #651610)
    - debian/patches/switch-to-msiinfo.patch: Switch to msitools' msiinfo for
      ProductVersion fetching, replacing the insecure VBScript-based parsing
    - debian/control: Add msitools to recommends; it is now used to fetch .msi
      version info.
    - CVE-2017-11421

 -- Tyler Hicks <tyhi...@canonical.com>  Fri, 04 Aug 2017 00:07:05 +0000

** Changed in: gnome-exe-thumbnailer (Ubuntu Zesty)
       Status: Confirmed => Fix Released

** Changed in: gnome-exe-thumbnailer (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/651610

Title:
  [CVE-2017-11421] Version number for .msi thumbnail is obtained from
  unreliable source

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-exe-thumbnailer/+bug/651610/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
