[ubuntu/vivid-proposed] file 1:5.20-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jan 27 16:27:13 UTC 2015 

file (1:5.20-1ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of not headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/apprentice.c, src/file.c,
      src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
      src/magic.h.in, src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
  * debian/libmagic1.symbols: added new symbols

Date: Tue, 27 Jan 2015 08:28:35 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/file/1:5.20-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 Jan 2015 08:28:35 -0500
Source: file
Binary: file file-dbg libmagic1 libmagic-dev python-magic python3-magic
Architecture: source
Version: 1:5.20-1ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 file       - Determines file type using "magic" numbers
 file-dbg   - Determines file type using "magic" numbers (debug)
 libmagic-dev - File type determination library using "magic" numbers (developmen
 libmagic1  - File type determination library using "magic" numbers
 python-magic - File type determination library using "magic" numbers (Python bin
 python3-magic - File type determination library using "magic" numbers (Python 3 b
Changes:
 file (1:5.20-1ubuntu2) vivid; urgency=medium
 .
   * SECURITY UPDATE: DoS via insufficient note headers
     - debian/patches/CVE-2014-3710.patch: handle running out of not headers
       in src/readelf.c.
     - CVE-2014-3710
   * SECURITY UPDATE: DoS in ELF parser
     - debian/patches/CVE-2014-8116.patch: limit number of headers and
       capabilities in src/elfclass.h, src/readelf.c.
     - CVE-2014-8116
   * SECURITY UPDATE: DoS via missing recursion limits
     - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
       it to be set from the command line in src/apprentice.c, src/file.c,
       src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
       src/magic.h.in, src/softmagic.c, add new option to documentation in
       doc/file.man, doc/libmagic.man.
     - CVE-2014-8117
   * SECURITY UPDATE: DoS via long pascal strings
     - debian/patches/pr398-truncate-pascal-strings.patch: correctly
       calculate size in src/softmagic.c.
     - No CVE number
   * debian/libmagic1.symbols: added new symbols
Checksums-Sha1:
 db97d4b26f7335765e3749d3c850c4454eb9b3e1 2195 file_5.20-1ubuntu2.dsc
 ec8a56afa03bc7f2718b8827f509e68e74dd842d 34628 file_5.20-1ubuntu2.debian.tar.xz
Checksums-Sha256:
 3b2a871b88a89425a5886ba968fccf7d1379d30869e7e18919748220411c60b1 2195 file_5.20-1ubuntu2.dsc
 3c89bf327505b77eb772ec6007054a8b3d5c0ca83dd26004a399bddf4138889c 34628 file_5.20-1ubuntu2.debian.tar.xz
Files:
 aa63a89e35eb676615a57a1a7553456a 2195 utils standard file_5.20-1ubuntu2.dsc
 29a3ea3f1e15934188de3d6ed23b3015 34628 utils standard file_5.20-1ubuntu2.debian.tar.xz
Original-Maintainer: Christoph Biedl <debian.axhn at manchmal.in-ulm.de>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUx7uhAAoJEGVp2FWnRL6TESoQAJZiexJmRYOkyxykwCAhr/U6
Cw1Xav7xizoe8UYMAhBjenlHVFcbLHfdj0std0ZydH8/6W7sWy004iPLZKA9HobJ
ohjYpbnRstBHeC2Q6PLIF438W2KCf0wlrTREj3ZUHDqpvdCpnvhC959O/VWya6PB
O6ePwW7vxLS3wmq8fUGYDdmcxSSeuAfVS22jyv6otFjN2tAmgP+W/3UpaaepHvSt
2Py5SHqEEOzxP3zZN9GYPqpLgaEMArM7j7Bo/uVRTBCqmFH1cFyyQ7LGSXUTeBM2
HVg2XNAfpPC9fJDiXLNEBppWDaKy5hE0Q43bijPKYyZG3QNNyOoCa4B0hrIvIhkN
HJSPZ1gGwAqq9A/Rn8cYIHSMY9JVT4p5Mxt5SEybjf02onTXhpRris1McLOGLMRl
qlsgXp+Lg7fEeUqWnzU9vLAl+UDobPOdTXOtNdS9ApySH39acWyzZhh9mngzOAVC
+RQLOLSHh/gH7/mBbL5mmOIG8tTh6HIg82AgUDssVeKgybh8JMFv6POiH0pKC/8l
Q0iVK3X9ZtKw1Ojv+2Ajf7q8haVU3qjtU7kz0unWsxYtGaQWyISw4bvVE4hKyy6p
QRSRybVyEAbuCf4i1JUjMB9keKEEpex/sOH79Jk9nmZ89Sv+aPrDLQ4s0r836Vew
2EplaId1ARxv+aq+VWYQ
=F7Cc
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list