CVE-2017-9149

NameCVE-2017-9149
DescriptionMetadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs858058

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mat (PTS)jessie, jessie (lts)0.5.2-3+deb8u1fixed
stretch0.6.1-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
matsourcewheezy(not affected)
matsourcejessie(not affected)
matsource(unstable)0.6.1-4858058

Notes

[jessie] - mat <not-affected> (Vulnerable code not present)
[wheezy] - mat <not-affected> (Vulnerable code not present)
https://0xacab.org/mat/mat/issues/11527
Fixed by: https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5

Search for package or bug name: Reporting problems