Accepted file 5.11-2+deb7u4 (source amd64) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 06 Sep 2014 17:10:54 +0200
Source: file
Binary: file libmagic1 libmagic-dev python-magic python-magic-dbg
Architecture: source amd64
Version: 5.11-2+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Baumann <daniel.baumann@progress-technologies.net>
Changed-By: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Description:
file - Determines file type using "magic" numbers
libmagic-dev - File type determination library using "magic" numbers (developmen
libmagic1 - File type determination library using "magic" numbers
python-magic - File type determination library using "magic" numbers (Python bin
python-magic-dbg - File type determination library using "magic" numbers (Python bin
Changes:
file (5.11-2+deb7u4) wheezy-security; urgency=high
.
* Fix vulnerabilites
- CVE-2014-0207
The cdf_read_short_sector function in cdf.c allows remote
attackers to cause a denial of service (assertion failure and
application exit).
- CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c allows remote
attackers to cause a denial of service (performance
degradation) by triggering many file_printf calls.
- CVE-2014-0238
The cdf_read_property_info function in cdf.c allows remote
attackers to cause a denial of service (infinite loop or
out-of-bounds memory access).
- CVE-2014-3478
Buffer overflow in the mconvert function in softmagic.c i
allows remote attackers to cause a denial of service
(application crash).
- CVE-2014-3479
The cdf_check_stream_offset function in cdf.c in relies on
incorrect sector-size data, which allows remote attackers to
cause a denial of service (application crash) via a crafted
stream offset in a CDF file.
- CVE-2014-3480
The cdf_count_chain function in cdf.c in does not properly
validate sector-count data, which allows remote attackers to
cause a denial of service (application crash).
- CVE-2014-3487
The cdf_read_property_info function does not properly validate
a stream offset, which allows remote attackers to cause a
denial of service (application crash).
- CVE-2014-3538
file does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a denial
of service (CPU consumption).
- CVE-2014-3587
Integer overflow in the cdf_read_property_info function in
cdf.c allows remote attackers to cause a denial of service
(application crash).
Checksums-Sha1:
f03b4e6b178cfb4fd3cb3742a47dcea5bf1f307a 2016 file_5.11-2+deb7u4.dsc
14ca3531ce564bb3c91ad801ba71a72800873125 30804 file_5.11-2+deb7u4.debian.tar.xz
172bfd2e97b9cf611bfefe2da6cb60e5b8091cad 52592 file_5.11-2+deb7u4_amd64.deb
fe132f6824e917eb330a20e01625fe962c2f0608 202924 libmagic1_5.11-2+deb7u4_amd64.deb
9a717368f6abfa0c77f970e0b4b60b62cd30ecf2 92536 libmagic-dev_5.11-2+deb7u4_amd64.deb
47b8fea86a4dae77ab5635345d2bd2b5f968e7a8 39072 python-magic_5.11-2+deb7u4_amd64.deb
d08acea07294a3e9f5f7e18ee55489e9ed69ca7b 942 python-magic-dbg_5.11-2+deb7u4_amd64.deb
Checksums-Sha256:
5bc22d2e5f1d4996d9fab1c25d8328281a7a7b25906ffae15d124a8462d2e708 2016 file_5.11-2+deb7u4.dsc
24358f34e3000e0e34f9b2e9ab35de4eab96a599d8c7a1c3be3b4b7fc59a0db7 30804 file_5.11-2+deb7u4.debian.tar.xz
f36156253d866ee8cea58a70ea8579531de7455b2954f45c5f81f26bb9f8de4a 52592 file_5.11-2+deb7u4_amd64.deb
52a6eebd8e7561e0b2cceb9d052eba9c7452db7b74a8e49c2d40d33842fb5773 202924 libmagic1_5.11-2+deb7u4_amd64.deb
6c5c288ecdb66c39fe38c04525de47ab9f84267f7d3c85e2f1ac2794874c9caa 92536 libmagic-dev_5.11-2+deb7u4_amd64.deb
ce59e7a584ef6de1d4274d29da2ac8c1154431784d32910d40b608da3c941d01 39072 python-magic_5.11-2+deb7u4_amd64.deb
8e198964638348e5e01ab4ee2ce3b15cfa34652d73e25621612af45ac0bffce8 942 python-magic-dbg_5.11-2+deb7u4_amd64.deb
Files:
a3991f4f2938a9e0308fb379123b9885 2016 utils standard file_5.11-2+deb7u4.dsc
f610c3660823a1dfa09f21ff8d44c369 30804 utils standard file_5.11-2+deb7u4.debian.tar.xz
a5d03ac049b0265c41dc9f8ec905e5e5 52592 utils standard file_5.11-2+deb7u4_amd64.deb
e6196f8aafa12d3c44a1ff6bf2846c9b 202924 libs standard libmagic1_5.11-2+deb7u4_amd64.deb
1b3639eb5fca6d2fd248c821f51606cd 92536 libdevel optional libmagic-dev_5.11-2+deb7u4_amd64.deb
27b4842df12b820cda58c35f5c39b363 39072 python extra python-magic_5.11-2+deb7u4_amd64.deb
d7dba558849aca82162547712987d277 942 debug extra python-magic-dbg_5.11-2+deb7u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJUDtQxAAoJEG7C3vaP/jd08CAP/iApFNL2mZ2YYvoL+Zt30AKu
mKyAOP7+vCd2bwkFOjYdy5VoVS8UnCyXb7sp7CbtVYU326XUFgCuKVlBZG6xvt6t
ybGn2ii5XZnb7eswpeNl096XBa3QzibeZvn7o9fGS2Lrjv5TRoocWKp8TQb2GCe5
LVqmzajTdbT0tFPQRVTMyuF1/pj1sUQ8Hv3rnVke5nLg4gKz1pEC7+o8/2DsQOJh
3mA25WTMiDLWBlsDGeVeYD6pdPXC6/RN0B0jhnbPsYMIHLfR1Dr99MhfIcMhUneh
DtH6aGrdv09QLvGW1E3XA4DSXroPxCI+x0goZLi4l78nWtYNwomvno0v2EMeS58Y
H6a0mT/Zhc79BDajFZyG2eNnEHTL6+GQD0/Dk5/zBX9Cws6PhIzTK7fS41dkT7Jz
mHiFuCz5qFXxsZvSiDEDgO65ieArytGqbtox0itOR3qEofuxH8RM8lOCebcZubkb
l6zWbTQrqqygyJg/D9H/bWePl3WxHwvmSAGwBDa9BkAhWHmg8l1cOmze6H9MvOSr
FZjfAZqhlMT8gxF8SoBu8N5P/n1CReZthzxtDSO4nYSf58vj2+o6lBCZIMtErOxG
YLvsNjwpfyCN+abmIfUMeJZewmZT6rBqngC7f4ZMT1hEzpxNoYXkScZD9/vTmu9S
JrHLO6yHLiQ/1VgwDMt4
=8Ai5
-----END PGP SIGNATURE-----
Reply to: