Hi! On Tue, Feb 27, 2018 at 12:34:58PM -0500, Rocky Bernstein wrote: > In https://security-tracker.debian.org/tracker/CVE-2017-18201 it claims > 0.83 is vulnerable, but I don't believe that this the case. > > I think that bug was introduced in version 0.92. There was a major change > in 0.90 as to how CD-TEXT was handle (and in 0.90 there was memory that was > not freed rather than double freed which started I think in 0.92). So I > don't believe 0.83 should be marked as vulnerable.
Thanks a lot. I update the security-tracker information, which was older versions are automatically marked as affected as well, until someone does triage it. Regards, Salvatore
