Ubuntu
file package

Change logs for file source package in Saucy

  1. Saucy (13.10)
  2. Change log 
  • file (5.11-2ubuntu4.3) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
  * debian/patches/commands-strength.patch: reduce strength of awk rule so
    it doesn't get priority over perl scripts.
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 11:56:29 -0400
  • file (5.11-2ubuntu4.2) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden>   Thu, 03 Apr 2014 13:32:25 -0400
  • file (5.11-2ubuntu4.1) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
    - CVE-2013-1943
 -- Marc Deslauriers <email address hidden>   Mon, 24 Feb 2014 12:38:41 -0500
  • file (5.11-2ubuntu4) raring; urgency=low

  * debian/rules: Remove the override_dh_strip target.
 -- Matthias Klose <email address hidden>   Wed, 06 Mar 2013 21:26:02 +0800