[pkg-wine-party] Proposed security update for gnome-exe-thumbnailer
skitt at debian.org
Tue Jul 18 07:44:33 UTC 2017
James, thanks for taking care of this!
Le 18/07/2017 03:54, James Lu a écrit :
> On 18/07/17 09:46 AM, James Lu wrote:
>> Earlier today I received a bug report about a VBScript injection issue
>> in gnome-exe-thumbnailer through specially crafted filenames. The
>> bug is at https://bugs.debian.org/868705, and the reporter's PoC is at
>> As I have commit access upstream, I fixed the bug by migrating away
>> the VBScript-based parsing in
>> and released 0.9.5 soon after.
>> For unstable, there is also a pending upload currently in mentors for
>> 0.9.5-1. https://mentors.debian.net/package/gnome-exe-thumbnailer
I see from
that a CVE has already been requested. Should we wait for it to be
assigned before uploading, so it can be included in the changelog?
More information about the pkg-wine-party