This bug was fixed in the package gnome-exe-thumbnailer - 0.9.4-2ubuntu0.1 --------------- gnome-exe-thumbnailer (0.9.4-2ubuntu0.1) zesty-security; urgency=high
[ James Lu ] * SECURITY UPDATE: Arbitrary code execution (LP: #651610) - debian/patches/switch-to-msiinfo.patch: Switch to msitools' msiinfo for ProductVersion fetching, replacing the insecure VBScript-based parsing - debian/control: Add msitools to recommends; it is now used to fetch .msi version info. - CVE-2017-11421 -- Tyler Hicks <tyhi...@canonical.com> Fri, 04 Aug 2017 00:07:05 +0000 ** Changed in: gnome-exe-thumbnailer (Ubuntu Zesty) Status: Confirmed => Fix Released ** Changed in: gnome-exe-thumbnailer (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/651610 Title: [CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-exe-thumbnailer/+bug/651610/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs