| Name | CVE-2017-9149 |
| Description | Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 858058 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| mat (PTS) | jessie, jessie (lts) | 0.5.2-3+deb8u1 | fixed |
| stretch | 0.6.1-4 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| mat | source | wheezy | (not affected) | | | |
| mat | source | jessie | (not affected) | | | |
| mat | source | (unstable) | 0.6.1-4 | | | 858058 |
Notes
[jessie] - mat <not-affected> (Vulnerable code not present)
[wheezy] - mat <not-affected> (Vulnerable code not present)
https://0xacab.org/mat/mat/issues/11527
Fixed by: https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5