The remaining CVE's have recently been fixed (or will be once the last MR lands) in the library's repo. Also, importantly, the one CVE fix that Ubuntu did ship last year broke the library's normal operation, making it less than useful for decoding
Resubscribing ubuntu-security-sponsors since while these aren't debdiffs, it would be good to get the package updated to address the remaining CVEs and restore functionality. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1666884 Title: libytnef: February 2017 multiple vulnerabilities (X41-2017-002) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libytnef/+bug/1666884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
