Re: [SECURITY] [DSA 3121-1] file security update
On Thu, 08 Jan 2015, Moritz Muehlenhoff wrote:
> Multiple security issues have been found in file, a tool/library to
For the record, the "file" package currently in wheezy-backports is in dire
need of a security update. It is in fact quite dangerous to run it if you
have it installed together with, e.g., amavisd-new or anything else that
will run file/libmagic on untrusted data from the network.
I do have a private backport of file/5.21+15, but it is a quick hack job
that dropped multiarch and build-profile support to ease backporting. If
someone has a better backport that preserves multiarch support, please
upload.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: