CVE-2017-12678

Discussion:

CVE-2017-12678

Dr. Tobias Quathamer

2017-08-09 10:42:12 UTC

Dear security team,

I've just seen <https://bugs.debian.org/871511>.

I have now inspected the code of the embedded copy of taglib in my
package silverjuke. From what I can tell, the embedded copy does not
contain the vulnerability.

The code in question is not included in silverjuke, because the embedded
copy is older than the version of taglib which introduced the vulnerability.

HTH, best regards,
Tobias

Salvatore Bonaccorso

2017-08-09 11:07:06 UTC

Hi!

Post by Dr. Tobias Quathamer
Dear security team,
I've just seen <https://bugs.debian.org/871511>.
I have now inspected the code of the embedded copy of taglib in my
package silverjuke. From what I can tell, the embedded copy does not
contain the vulnerability.
The code in question is not included in silverjuke, because the embedded
copy is older than the version of taglib which introduced the vulnerability.

Ok thanks a lot for your analysis. We will update the tracker
information!

Regards,
Salvatore

1 Reply
1 View
Permalink to this page
Disable enhanced parsing

Thread Navigation

Dr. Tobias Quathamer 2017-08-09 10:42:12 UTC

Salvatore Bonaccorso 2017-08-09 11:07:06 UTC

about - legalese

Loading...