[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3121-1] file security update

On Thu, 08 Jan 2015, Moritz Muehlenhoff wrote:
> Multiple security issues have been found in file, a tool/library to 

For the record, the "file" package currently in wheezy-backports is in dire
need of a security update.  It is in fact quite dangerous to run it if you
have it installed together with, e.g., amavisd-new or anything else that
will run file/libmagic on untrusted data from the network.

I do have a private backport of file/5.21+15, but it is a quick hack job
that dropped multiarch and build-profile support to ease backporting.  If
someone has a better backport that preserves multiarch support, please

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: