Re: CVE-2017-12678

2017-08-09 Thread Salvatore Bonaccorso 
Hi!

On Wed, Aug 09, 2017 at 12:42:12PM +0200, Dr. Tobias Quathamer wrote:
> Dear security team,
> 
> I've just seen .
> 
> I have now inspected the code of the embedded copy of taglib in my
> package silverjuke. From what I can tell, the embedded copy does not
> contain the vulnerability.
> 
> The code in question is not included in silverjuke, because the embedded
> copy is older than the version of taglib which introduced the vulnerability.

Ok thanks a lot for your analysis. We will update the tracker
information!

Regards,
Salvatore

CVE-2017-12678

2017-08-09 Thread Dr. Tobias Quathamer 
Dear security team,

I've just seen .

I have now inspected the code of the embedded copy of taglib in my
package silverjuke. From what I can tell, the embedded copy does not
contain the vulnerability.

The code in question is not included in silverjuke, because the embedded
copy is older than the version of taglib which introduced the vulnerability.

HTH, best regards,
Tobias



signature.asc
Description: OpenPGP digital signature

External check

2017-08-09 Thread Raphael Geissert 
CVE-2017-11661: RESERVED
CVE-2017-11662: RESERVED
CVE-2017-11663: RESERVED
CVE-2017-11664: RESERVED
CVE-2017-7543: RESERVED
CVE-2017-7809: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.