Change logs for file source package in Trusty

  • file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via large number of notes or long
        string
        - debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code
          changes.
        - debian/patches/CVE-2014-962x-1.patch: add a limit to the number of
          ELF notes processed in doc/file.man, doc/libmagic.man,
          src/apprentice.c, src/elfclass.h, src/file.c, src/file.h,
          src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
        - debian/patches/CVE-2014-962x-2.patch: limit string printing to 100
          chars, and add flags in src/readelf.c.
        - CVE-2014-9620
        - CVE-2014-9621
      * SECURITY UPDATE: denial of service via crafted ELF file
        - debian/patches/CVE-2014-9653.patch: bail out on partial reads in
          src/readelf.c.
        - CVE-2014-9653
      * SECURITY UPDATE: memory corruption in file_check_mem.
        - debian/patches/CVE-2015-8865.patch: properly calculate length in
          src/funcs.c.
        - CVE-2015-8865
      * SECURITY UPDATE: out-of-bounds read via crafted ELF file
        - debian/patches/CVE-2018-10360.patch: add bounds check to
          src/readelf.c.
        - CVE-2018-10360
    
     -- Marc Deslauriers <email address hidden>  Wed, 13 Jun 2018 14:45:30 -0400
  • file (1:5.14-2ubuntu3.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: DoS via insufficient note headers
        - debian/patches/CVE-2014-3710.patch: handle running out of note headers
          in src/readelf.c.
        - CVE-2014-3710
      * SECURITY UPDATE: DoS in ELF parser
        - debian/patches/CVE-2014-8116.patch: limit number of headers and
          capabilities in src/elfclass.h, src/readelf.c.
        - CVE-2014-8116
      * SECURITY UPDATE: DoS via missing recursion limits
        - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
          it to be set from the command line in src/apprentice.c, src/file.c,
          src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
          src/magic.h.in, src/softmagic.c, add new option to documentation in
          doc/file.man, doc/libmagic.man.
        - CVE-2014-8117
      * SECURITY UPDATE: DoS via long pascal strings
        - debian/patches/pr398-truncate-pascal-strings.patch: correctly
          calculate size in src/softmagic.c.
        - No CVE number
      * debian/libmagic1.symbols: added new symbols
     -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 09:23:18 -0500
  • file (1:5.14-2ubuntu3.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: buffer underflow in CDF file identification
        - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
          abort on buffer underflows.
        - CVE-2014-3587
     -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:33:26 -0700
  • file (1:5.14-2ubuntu3.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via awk rule backtracking
        - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
          magic/Magdir/commands.
        - CVE-2013-7345
      * SECURITY UPDATE: denial of service in cdf_read_short_sector
        - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-0207
      * SECURITY UPDATE: denial of service in mconvert
        - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
          string size in src/softmagic.c.
        - CVE-2014-3478
      * SECURITY UPDATE: denial of service in cdf_check_stream_offset
        - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-3479
      * SECURITY UPDATE: denial of service in cdf_count_chain
        - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-3480
      * SECURITY UPDATE: denial of service in cdf_read_property_info
        - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-3487
      * SECURITY UPDATE: denial of service via awk rule backtracking
        - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
          regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
          existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
          magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
          magic/Magdir/troff, update manpage in doc/magic.man.
        - CVE-2014-3538
      * debian/patches/commands-strength.patch: reduce strength of awk rule so
        it doesn't get priority over perl scripts.
     -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 09:40:56 -0400
  • file (1:5.14-2ubuntu3) trusty; urgency=medium
    
      * SECURITY UPDATE: denial of service via crafted offset in PE executable
        - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
        - CVE-2014-2270
     -- Marc Deslauriers <email address hidden>   Thu, 03 Apr 2014 13:27:40 -0400
  • file (1:5.14-2ubuntu2) trusty; urgency=medium
    
      * SECURITY UPDATE: denial of service via crafted indirect offset value
        - debian/patches/CVE-2013-1943.patch: properly handle recursion in
          src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
        - CVE-2013-1943
     -- Marc Deslauriers <email address hidden>   Mon, 24 Feb 2014 11:23:34 -0500
  • file (1:5.14-2ubuntu1) trusty; urgency=low
    
      * Merge with Debian; remaining changes:
        - Adjust python build dependencies for cross builds.
        - Make python-magic a binary indep package.
        - Allow the package to cross-build.
      * Recognize python3.4 byte code.
      * Build using dh-autoreconf.
    
    file (1:5.14-2) unstable; urgency=high
    
      * Eliminate global variable to fix segfault (Closes: #708281).
    
    file (1:5.14-1) unstable; urgency=low
    
      * New upstream version
        - Update patches
        - Drop 0005-python3.3.patch: applied upstream
    
    file (1:5.13-2) experimental; urgency=low
    
      * Archive rejects -1 as there was one already.
    
    file (1:5.13-1) experimental; urgency=low
    
      [ Daniel Baumann ]
      * Applying slightly modified patch from Benjamin Drung
        <email address hidden> to build a python3-magic package (Closes:
        #695259).
      * Adding patch from Jakub Wilk <email address hidden> to make file recognize
        byte-compiled files generated by Python 3.3 (Closes: #697110).
      * Applying slightly modified patch from Benjamin Drung <email address hidden>
        to configure with --disable-silent-rules.
      * Applying slightly modified patch from Benjamin Drung
        <email address hidden> to stop building python-magic-dbg.
    
      [ Benjamin Drung ]
      * Removing duplicated fields for binary packages in control.
      * Adding symbols file for libmagic.
    
      [ Daniel Baumann ]
      * Trimming diff headers in patches.
      * Using four digit prefixes for patch files.
      * Adding patch to update gzip mime (Closes: #688886).
      * Adding new magics from Esa Hyytiä <email address hidden> for Commodore
        raw tape files (Closes: #699777).
      * Adding updated magics from Bastien Roucaries
        <email address hidden> for AOL ART images (Closes: #681304).
      * Adding file debug package (Closes: #601329).
      * Updating copyright file (Closes: #701937).
      * Setting priority for python bindings to optional (Closes: #687219).
      * Adding updated magics from Paul Wise <email address hidden> for MS Windows
        HtmlHelp Data (Closes: #653911).
      * Merging upstream version 5.13:
        - readelf uses debug information properly now (Closes: #664526).
      * Updating file-localmagic.patch to avoid warning about non-compiled
        /etc/magic (Closes: #658629).
      * Updating symbols file for 5.13.
      * Adding new magics from Russell Coker <email address hidden> for Linux
        Software RAID (Closes: #663454).
      * Adding updated magics from Russell Coker <email address hidden> for
        BTRFS (Closes: #663454).
      * Adding patch to add POSIXLY_CORRECT reference in usage message
        (Closes: #576679).
      * Renumbering patches.
      * Adding new magics from chrysn <email address hidden> for LXT (Closes:
        #647412).
    
      [ Luk Claes ]
      * Reupload 5.13 to experimental.
    
    file (1:5.11-3) unstable; urgency=low
    
      * Taking over maintainership (Closes: 704326).
      * Updating Standards-Version (no changes).
      * Do not ship python-magic-dbg as it is currently empty.
    
    file (1:5.11-2.1) unstable; urgency=low
    
      * Non-maintainer upload.
      * Re-upload 5.11-2:
        - Fix ELF detection on 64-bit big endian architectures (closes: #703274).
     -- Matthias Klose <email address hidden>   Fri, 06 Dec 2013 21:42:48 +0100
  • file (5.11-2ubuntu4) raring; urgency=low
    
      * debian/rules: Remove the override_dh_strip target.
     -- Matthias Klose <email address hidden>   Wed, 06 Mar 2013 21:26:02 +0800