Hello, This was uploaded! (CC'ing my sponsor as well) Best, James On 08/08/17 08:52 AM, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2017-07-25 at 22:50 +0800, James Lu wrote: >> I've prepared an update to gnome-exe-thumbnailer which includes two changes >> backported from the 0.9.5 release: >> >> 1) Migrating away from insecure Wine+VBScript based parsing of .msi files to >> msitools, as part of the fix for CVE-2017-11421[1] (VBScript code injection via >> filenames containing code). This issue was marked no-dsa, so I'm sending the >> update here instead. I also adjusted the dependencies to add msitools, but IIRC >> this means that users upgrading will need to run dist-upgrade (if such a change >> is too disruptive, I will probably look at disabling version info for .msi >> files entirely). >> >> 2) Fix readability of version labels by using a dark background colour. >> Previously, the version label exe-thumbnailer adds to generated thumbnails used >> a transparent background, which shows up as white text on white with a default >> configuration. >> >> [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421 > > Please go ahead. > > Regards, > > Adam >
Attachment:
signature.asc
Description: OpenPGP digital signature