Re: [DSA 2422-1] file security update

To: debian-security@lists.debian.org
Subject: Re: [DSA 2422-1] file security update
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Thu, 01 Mar 2012 08:43:32 +0100
Message-id: <4F4F28A4.2050703@plouf.fr.eu.org>
In-reply-to: <87aa41e4x7.fsf@mid.deneb.enyo.de>
References: <87aa41e4x7.fsf@mid.deneb.enyo.de>

Hello,

Florian Weimer wrote :
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2422-1                   security@debian.org
> http://www.debian.org/security/                            Florian Weimer
> February 29, 2012                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : file
> Vulnerability  : missing bounds checks
> Problem type   : remote
> Debian-specific: no
> 
> The file type identification tool, file, and its associated library,
> libmagic, do not properly process malformed files in the Composite
> Document File (CDF) format, leading to crashes.
> 
> Note that after this update, file may return different detection
> results for CDF files (well-formed or not).  The new detections are
> believed to be more accurate.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.04-5+squeeze1.

This update is not available for some architectures yet.
Is this normal ?

Reply to:

Follow-Ups:
- Re: [DSA 2422-1] file security update
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Next by Date: Re: [DSA 2422-1] file security update
Next by thread: Re: [DSA 2422-1] file security update
Index(es):
- Date
- Thread