Hi, I implemented those fixes to libytnef. Yeraze has just released 1.9.3 so I'm interested to see if/when it will make it to Ubuntu, and to which releases.
The ytnef and ytnefprint binaries just call libytnef, both the wrong and the right fixes to CVE-2017-9068 are definitely part of the library, so I would say that trusty is most likely affected. There are also several other equally severe CVEs which have been reported and fixed since version 1.5. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9068 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666884 Title: libytnef: February 2017 multiple vulnerabilities (X41-2017-002) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libytnef/+bug/1666884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
