CVE-2017-12678

To: debian-security-tracker@lists.debian.org
Subject: CVE-2017-12678
From: "Dr. Tobias Quathamer" <toddy@debian.org>
Date: Wed, 9 Aug 2017 12:42:12 +0200
Message-id: <[🔎] fd0ce992-5e6d-4399-1bb8-e54248afb821@debian.org>

Dear security team,

I've just seen <https://bugs.debian.org/871511>.

I have now inspected the code of the embedded copy of taglib in my
package silverjuke. From what I can tell, the embedded copy does not
contain the vulnerability.

The code in question is not included in silverjuke, because the embedded
copy is older than the version of taglib which introduced the vulnerability.

HTH, best regards,
Tobias

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVE-2017-12678
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: Re: CVE-2017-12678
Previous by thread: Bug#727742: marked as done (security-tracker: allow searching for "CVE 2013-4327" (with a space))
Next by thread: Re: CVE-2017-12678
Index(es):
- Date
- Thread