Publishing details
Changelog
file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via large number of notes or long
string
- debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code
changes.
- debian/patches/CVE-2014-962x-1.patch: add a limit to the number of
ELF notes processed in doc/file.man, doc/libmagic.man,
src/apprentice.c, src/elfclass.h, src/file.c, src/file.h,
src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
- debian/patches/CVE-2014-962x-2.patch: limit string printing to 100
chars, and add flags in src/readelf.c.
- CVE-2014-9620
- CVE-2014-9621
* SECURITY UPDATE: denial of service via crafted ELF file
- debian/patches/CVE-2014-9653.patch: bail out on partial reads in
src/readelf.c.
- CVE-2014-9653
* SECURITY UPDATE: memory corruption in file_check_mem.
- debian/patches/CVE-2015-8865.patch: properly calculate length in
src/funcs.c.
- CVE-2015-8865
* SECURITY UPDATE: out-of-bounds read via crafted ELF file
- debian/patches/CVE-2018-10360.patch: add bounds check to
src/readelf.c.
- CVE-2018-10360
-- Marc Deslauriers <email address hidden> Wed, 13 Jun 2018 14:45:30 -0400
Builds
Built packages
-
file
Determines file type using "magic" numbers
-
file-dbg
Determines file type using "magic" numbers (debug)
-
file-dbgsym
debug symbols for package file
-
libmagic-dev
File type determination library using "magic" numbers (development)
-
libmagic-dev-dbgsym
debug symbols for package libmagic-dev
-
libmagic1
File type determination library using "magic" numbers
-
libmagic1-dbgsym
debug symbols for package libmagic1
-
python-magic
File type determination library using "magic" numbers (Python bindings)
-
python3-magic
File type determination library using "magic" numbers (Python 3 bindings)
Package files