Re: [SECURITY] [DSA 3121-1] file security update

To: debian-security@lists.debian.org, debian-backports@lists.debian.org
Subject: Re: [SECURITY] [DSA 3121-1] file security update
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 8 Jan 2015 20:37:58 -0200
Message-id: <[🔎] 20150108223758.GA23800@khazad-dum.debian.net>
In-reply-to: <20150108184651.GA5535@pisco.westfalen.local>
References: <20150108184651.GA5535@pisco.westfalen.local>

On Thu, 08 Jan 2015, Moritz Muehlenhoff wrote:
> Multiple security issues have been found in file, a tool/library to 

For the record, the "file" package currently in wheezy-backports is in dire
need of a security update.  It is in fact quite dangerous to run it if you
have it installed together with, e.g., amavisd-new or anything else that
will run file/libmagic on untrusted data from the network.

I do have a private backport of file/5.21+15, but it is a quick hack job
that dropped multiarch and build-profile support to ease backporting.  If
someone has a better backport that preserves multiarch support, please
upload.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3121-1] file security update
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Prev by Date: Re: gcl_2.6.12-1~bpo7.7+1_amd64.changes REJECTED
Next by Date: Re: Samba4-common-bin missing dependency
Previous by thread: Re: gcl_2.6.12-1~bpo7.7+1_amd64.changes REJECTED
Next by thread: Re: [SECURITY] [DSA 3121-1] file security update
Index(es):
- Date
- Thread