This bug was fixed in the package gnome-exe-thumbnailer - 0.9.5-1 --------------- gnome-exe-thumbnailer (0.9.5-1) unstable; urgency=high
[ Stephen Kitt ] * Fix the filename mangling in debian/watch. [ James Lu ] * New upstream release. - Switch to msitools' msiinfo for ProductVersion fetching, replacing the insecure VBScript-based parsing as described at http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html (Closes: #868705; LP: #651610; CVE-2017-11421). * Add Enhances: caja, tumbler (>= 0.1.92~), nautilus, nemo These are some of the many file managers/thumbnailer programs that support desktop thumbnailers like exe-thumbnailer, and I have verified (at some point) that all of these work. * fallback-thumbnail-limit.patch: drop, applied upstream. * Bump Standards-Version to 4.0.0; no changes needed. * Add msitools to recommends; it is used to fetch .msi version info. -- James Lu <bitfl...@gmail.com> Tue, 18 Jul 2017 08:18:48 +0800 ** Changed in: gnome-exe-thumbnailer (Ubuntu) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11421 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/651610 Title: Version number for .msi thumbnail is obtained from unreliable source To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-exe-thumbnailer/+bug/651610/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs