-
file (1:5.19-1ubuntu1.2) utopic-security; urgency=medium
* SECURITY UPDATE: DoS via insufficient note headers
- debian/patches/CVE-2014-3710.patch: handle running out of note headers
in src/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: DoS in ELF parser
- debian/patches/CVE-2014-8116.patch: limit number of headers and
capabilities in src/elfclass.h, src/readelf.c.
- CVE-2014-8116
* SECURITY UPDATE: DoS via missing recursion limits
- debian/patches/CVE-2014-8117.patch: lower recursion level and allow
it to be set from the command line in src/apprentice.c, src/file.c,
src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
src/magic.h.in, src/softmagic.c, add new option to documentation in
doc/file.man, doc/libmagic.man.
- CVE-2014-8117
* SECURITY UPDATE: DoS via long pascal strings
- debian/patches/pr398-truncate-pascal-strings.patch: correctly
calculate size in src/softmagic.c.
- No CVE number
* debian/libmagic1.symbols: added new symbols
-- Marc Deslauriers <email address hidden> Tue, 27 Jan 2015 08:50:57 -0500
-
file (1:5.19-1ubuntu1.1) utopic-security; urgency=medium
* SECURITY UPDATE: buffer underflow in CDF file identification
- debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
abort on buffer underflows.
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 27 Aug 2014 23:29:53 -0700
-
file (1:5.19-1ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- Adjust python build dependencies for cross builds.
- Allow the package to cross-build.
- Recognize python3.4 byte code.
file (1:5.19-1) unstable; urgency=low
* New upstream version 5.19. Addresses:
- new magic: Hash::SharedMem. Closes: #742949
- Some plain text identified as flash file. Closes: #745882
- magic for Device Tree Blobs. Closes: #746301
-- Marc Deslauriers <email address hidden> Thu, 10 Jul 2014 10:58:30 -0400
-
file (1:5.18-1ubuntu1) utopic; urgency=medium
* Merge with Debian; remaining changes:
- Adjust python build dependencies for cross builds.
- Allow the package to cross-build.
- Recognize python3.4 byte code.
* Dropped upstreamed patches:
- debian/patches/CVE-2014-2270.patch
- debian/patches/CVE-2013-1943.patch
file (1:5.18-1) unstable; urgency=low
* Support profile build (without python). Closes: #709558, #720655
Thanks to Daniel Schepler and Eleanor Chen.
* Add a debian/watch file. Closes: #741665
* Update debian/copyright
* New upstream version 5.18. Closes: #742262, #742265
This also addresses (in order of appearance):
- Identify Microsoft Installer (MSI) files. Closes: #216451
- Correctly detect RIFF/WAVE files with more sections. Closes: #498076
- Detect Microsoft cursor (.cur) files. Closes: #562250
- Detect UBI images. Closes: #573362
- Detect avr32 ELF objects. Closes: #588953
- Clarify search options in magic(5) manpage. Closes: #589844
- Fix formatting errors in detection of MS-DOS executables,
Closes: #605143
- Fix MIME type for MPEG Layer II. Closes: #609211
- Improve detection of some JPEG files. Closes: #657545
- Detect ocaml bytecode executables. Closes: #664679
- Provide manpage pointer for "magic_errno". Closes: #696113
- Detect "#!/bin/sh" with embedded binary data. Closes: #707014
- Detect Delphi compiled form data. Closes: #712046
- Document --apple option. Closes: #723628
* Revert upstream commit FILE5_17-62-gbeb312b:
"add fmtcheck", several regressions
Also Closes: #745086 "use dh-autoreconf"
* Cherry-pick from upstream:
- FILE5_18-2-g1ecdd15, FILE5_18-7-g2c947ac:
Fix regression in detection of Microsoft cursor files.
- FILE5_18-4-g966ca13, FILE5_18-6-g0b62876:
Improve Palm OS library detection, so gvfs-less finally is
detected as a shell script.
- FILE5_18-11-ge14d88d: Fix [Python] regression
file (1:5.17-1) unstable; urgency=high
* Urgency set to high to complete the fix for CVE-2014-2270
* New maintainer. Thanks Luk for handing over.
* Acknowledge my own NMU :)
* Upgrade to Standards-Version: 3.9.5, no changes
* Trim python build dependencies and make python-magic arch-all,
thanks Scott Kitterman. Closes: #709269
* Cherry-pick upstream commit FILE5_17-4-geced9db:
"comment out python comment magic". Closes: #729970
* Cherry-pick upstream commit FILE5_17-8-gc0c0032:
"Fix memory leak". Closes: #740694
* Cherry-pick upstream commit FILE5_17-17-gf9d8564:
"encode [python] filename". Closes: #435397
* Replace 8-bit characters in CDF summary data with spaces
* Cherry-pick upstream commit FILE5_17-20-g70c65d2:
"off by one in out of bounds calculations" (CVE-2014-2270 amendment)
file (1:5.17-0.1) unstable; urgency=high
* Non-maintainer upload.
* urgency set to high to fix CVE-2014-1943
* New upstream version 5.17, Closes: #738832
- Dropped 0013-eliminate-global-var.patch: applied upstream
-- Marc Deslauriers <email address hidden> Wed, 14 May 2014 14:53:15 -0400
-
file (1:5.14-2ubuntu3) trusty; urgency=medium
* SECURITY UPDATE: denial of service via crafted offset in PE executable
- debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
- CVE-2014-2270
-- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 13:27:40 -0400