see the patch http://conary.rpath.com/conary/getFile?path=CVE-2007-3387.patch;pathId=f8a108173e127ee1ed231667a1ff9b18;fileId=ab2ac06447ea0a03d10f5a84e8b4ba81357f87f8;fileV=/conary.rpath.com%40rpl%3Adevel//1/0.4.5-1.2
mmm
This code is shipped, but not used in our versions of libextractor. *** This bug has been marked as a duplicate of bug 188169 ***