Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2

To: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>, 823794@bugs.debian.org
Subject: Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 14 May 2016 18:05:02 +0100
Message-id: <[🔎] 1463245502.6062.23.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 823794@bugs.debian.org
In-reply-to: <[🔎] 1462775037@msgid.manchmal.in-ulm.de>
References: <[🔎] 1462775037@msgid.manchmal.in-ulm.de>

Control: tags -1 + confirmed

On Mon, 2016-05-09 at 08:31 +0200, Christoph Biedl wrote:
> the stable security team suggested to fix CVE-2015-8865¹ in the
> file package via a point relase.
> 
> Description: "Buffer over-write in finfo_open with malformed magic
> file". If a magic file is unter attacker's control, this can be abused
> to crash file.

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Prev by Date: Processed: Re: Bug#823752: jessie-pu: package xarchiver/1:0.5.4-1
Next by Date: Processed: Re: Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2
Previous by thread: Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2
Next by thread: Processed: Re: Bug#823794: jessie-pu: package file/1:5.22+15-2+deb8u2
Index(es):
- Date
- Thread