He's bitching about a vulnerable in libcue, a library for using .cue files for CD ISOs, which is used by tracker-miner. The person who published it informed Gnome and the maintainer of libcue and libcue and tracker-miner were patched before the article even came out in October. Libcue at its negative index issue fixed and tracker-miner had it's sandbox improved.
Now it's just a matter of distributions providing updates for one or both packages. From what I can tell, the exploit has only been shown to work when downloading cue files.
Now it's just a matter of distributions providing updates for one or both packages. From what I can tell, the exploit has only been shown to work when downloading cue files.
Comment