Bug#884923: abiword: CVE-2017-17529
Source: abiword
Version: 3.0.2-5
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for abiword.

CVE-2017-17529[0]:
| af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings
| before launching the program specified by the BROWSER environment
| variable, which might allow remote attackers to conduct
| argument-injection attacks via a crafted URL.

Might be possible to just compile with --with-gnomevfs and not use the problematic function.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17529
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17529

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Bug#884853: [qtqr] RE: qtqr: Saving PNG broken; doesn't decode
Package: qtqr
Version: 1.4~bzr23-1

Adding a 'me too' here. I'm investigating the latest version of qtqr in Unstable now that 847150 is said to be fixed, and it can't even cope with decoding the basic example QR Code image at https://en.wikipedia.org/wiki/QR_code (save the PNG then flatten the image to give it a solid white background prior to testing).

1.4~bzr21 patched to fix the 847150 bug successfully decodes the URL in the image.

--- System information. ---
Architecture:
Kernel: Linux 4.9.0-4-amd64

Debian Release: 9 - Devuan Testing
990 testing 10.1.0.3
990 ascii-updates 10.1.0.3
500 unstable 10.1.0.3
500 quodlibet-unstable lazka.github.io
100 ascii-proposed 10.1.0.3

--- Package information. ---
Depends (Version)    | Installed
=====================-+-============
python-qrtools       | 1.4~bzr21-1
python-pyqt5         | 5.7+dfsg-5
python:any (>= 2.5~) |

Processed: tagging 883298
Processing commands for cont...@bugs.debian.org:

> # I worked with upstream on this, and the current hg repo builds with on x32
> tags 883298 + fixed-upstream
Bug #883298 [src:xine-lib-1.2] xine-lib-1.2: FTBFS on x32: (%esi,%rax) is not a valid base/index expression
Added tag(s) fixed-upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
883298: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems