-
file (5.11-2ubuntu4.3) saucy-security; urgency=medium
* SECURITY UPDATE: denial of service via awk rule backtracking
- debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
magic/Magdir/commands.
- CVE-2013-7345
* SECURITY UPDATE: denial of service in cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in mconvert
- debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
string size in src/softmagic.c.
- CVE-2014-3478
* SECURITY UPDATE: denial of service in cdf_check_stream_offset
- debian/patches/CVE-2014-3479.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3479
* SECURITY UPDATE: denial of service in cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service in cdf_read_property_info
- debian/patches/CVE-2014-3487.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3487
* SECURITY UPDATE: denial of service via awk rule backtracking
- debian/patches/CVE-2014-3538.patch: allow specifying lengths for
regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
magic/Magdir/troff, update manpage in doc/magic.man.
- CVE-2014-3538
* debian/patches/commands-strength.patch: reduce strength of awk rule so
it doesn't get priority over perl scripts.
-- Marc Deslauriers <email address hidden> Thu, 10 Jul 2014 11:56:29 -0400
-
file (5.11-2ubuntu4.2) saucy-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted offset in PE executable
- debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
- CVE-2014-2270
-- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 13:32:25 -0400
-
file (5.11-2ubuntu4.1) saucy-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted indirect offset value
- debian/patches/CVE-2013-1943.patch: properly handle recursion in
src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
- CVE-2013-1943
-- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 12:38:41 -0500
-
file (5.11-2ubuntu4) raring; urgency=low
* debian/rules: Remove the override_dh_strip target.
-- Matthias Klose <email address hidden> Wed, 06 Mar 2013 21:26:02 +0800