Re: CVE-2017-12678

To: "Dr. Tobias Quathamer" <toddy@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2017-12678
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 9 Aug 2017 13:07:06 +0200
Message-id: <[🔎] 20170809110706.3xa36kqhevyovtqk@lorien.valinor.li>
Mail-followup-to: "Dr. Tobias Quathamer" <toddy@debian.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] fd0ce992-5e6d-4399-1bb8-e54248afb821@debian.org>
References: <[🔎] fd0ce992-5e6d-4399-1bb8-e54248afb821@debian.org>

Hi!

On Wed, Aug 09, 2017 at 12:42:12PM +0200, Dr. Tobias Quathamer wrote:
> Dear security team,
> 
> I've just seen <https://bugs.debian.org/871511>.
> 
> I have now inspected the code of the embedded copy of taglib in my
> package silverjuke. From what I can tell, the embedded copy does not
> contain the vulnerability.
> 
> The code in question is not included in silverjuke, because the embedded
> copy is older than the version of taglib which introduced the vulnerability.

Ok thanks a lot for your analysis. We will update the tracker
information!

Regards,
Salvatore

Reply to:

References:
- CVE-2017-12678
  - From: "Dr. Tobias Quathamer" <toddy@debian.org>

Prev by Date: CVE-2017-12678
Next by Date: External check
Previous by thread: CVE-2017-12678
Next by thread: Bug#829172: security-tracker: New 'postponed' tag for issues warranting a DSA but postponed while waiting for more serious issues
Index(es):
- Date
- Thread