Change log for file package in Ubuntu

Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
file (1:5.45-3build1) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 07:35:22 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
file (1:5.45-3) unstable; urgency=medium

  * Cherry-pick "Recognize unified diff output". Closes: #1063522

 -- Christoph Biedl <email address hidden>  Fri, 01 Mar 2024 18:30:40 +0100
Superseded in noble-proposed
file (1:5.45-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Rename libraries for 64-bit time_t transition.  Closes: #1063113

 -- Benjamin Drung <email address hidden>  Fri, 01 Mar 2024 11:59:20 +0000

Published in jammy-updates
Published in jammy-security
file (1:5.41-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer over-read in file_copystr
    - debian/patches/CVE-2022-48554.patch: don't use strlcpy to copy the
      string in src/funcs.c.
    - CVE-2022-48554

 -- Marc Deslauriers <email address hidden>  Mon, 11 Sep 2023 13:59:06 -0400
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
file (1:5.45-2) unstable; urgency=medium

  * Upload to unstable

 -- Christoph Biedl <email address hidden>  Sun, 03 Sep 2023 11:40:05 +0200

Superseded in noble-release
Published in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
file (1:5.44-3) unstable; urgency=medium

  * Cherry-pick fixes related to APK file detection

 -- Christoph Biedl <email address hidden>  Sat, 28 Jan 2023 19:17:20 +0100

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
file (1:5.44-2) unstable; urgency=medium

  * Cherry-pick several commits to improve the detection of APK files.
    Closes: #849782

 -- Christoph Biedl <email address hidden>  Sun, 15 Jan 2023 19:15:20 +0100

Superseded in lunar-proposed
file (1:5.44-1) unstable; urgency=medium

  * New upstream version 5.44
  * Cherry-pick "Pyzip improvements". Closes: #1026976
  * Detect smali files

 -- Christoph Biedl <email address hidden>  Tue, 10 Jan 2023 21:39:37 +0100
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
file (1:5.41-4) unstable; urgency=medium

  * Use the just-built file executable only if it exists

 -- Christoph Biedl <email address hidden>  Sun, 24 Apr 2022 12:49:37 +0200

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
file (1:5.41-3) unstable; urgency=medium

  * Cherry-pick commit to avoid mis-detection of .dbf as executable

 -- Christoph Biedl <email address hidden>  Thu, 24 Mar 2022 18:07:09 +0100
Superseded in jammy-proposed
file (1:5.41-2build1) jammy; urgency=medium

  * No-change rebuild for ppc64el baseline bump.

 -- Łukasz 'sil2100' Zemczak <email address hidden>  Wed, 23 Mar 2022 14:52:05 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
file (1:5.41-2) unstable; urgency=medium

  * Upload to unstable

 -- Christoph Biedl <email address hidden>  Fri, 19 Nov 2021 19:16:34 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
Deleted in impish-proposed (Reason: Moved to jammy)
file (1:5.39-3build1) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:11:31 +0200
Superseded in jammy-release
Obsolete in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
file (1:5.39-3) unstable; urgency=medium

  * Upload to unstable

 -- Christoph Biedl <email address hidden>  Thu, 19 Nov 2020 22:21:06 +0100

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
file (1:5.38-5) unstable; urgency=medium

  * Change default for name/use to 50. Closes: #928009
  * Fix regression in detection of troff files. Closes: #949878

 -- Christoph Biedl <email address hidden>  Sat, 16 May 2020 21:55:21 +0200

Published in bionic-updates
Published in bionic-security
file (1:5.32-2ubuntu0.4) bionic-security; urgency=medium

  * SECURITY REGRESSION: truncated interpreter name (LP: #1835596)
    - debian/patches/CVE-2019-8905_8907.patch: updated to use correct
      length in src/readelf.c.

 -- Marc Deslauriers <email address hidden>  Tue, 12 May 2020 09:31:09 -0400
Published in xenial-updates
Published in xenial-security
file (1:5.25-2ubuntu1.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: truncated interpreter name (LP: #1835596)
    - debian/patches/CVE-2019-8905_8907.patch: updated to use correct
      length in src/readelf.c.

 -- Marc Deslauriers <email address hidden>  Tue, 12 May 2020 09:33:55 -0400
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
file (1:5.38-4) unstable; urgency=medium

  * Use the just-built file executable when running several debhelper
    programs. Closes: #948619
  * Explicitly disable seccomp support. Closes: #948522

 -- Christoph Biedl <email address hidden>  Thu, 16 Jan 2020 21:39:11 +0100
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
file (1:5.37-6ubuntu1) focal; urgency=medium

  * No-change upload to prevent autosync of file 1:5.38-2,
    see #948269

 -- Graham Inggs <email address hidden>  Mon, 06 Jan 2020 11:15:02 +0000
Published in precise-updates
Published in precise-security
file (5.09-2ubuntu0.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 31 Oct 2019 11:42:33 -0300
Superseded in xenial-updates
Superseded in xenial-security
file (1:5.25-2ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- Marc Deslauriers <email address hidden>  Tue, 29 Oct 2019 12:51:38 -0400
Superseded in bionic-updates
Superseded in bionic-security
file (1:5.32-2ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- Marc Deslauriers <email address hidden>  Tue, 29 Oct 2019 12:50:19 -0400
Obsolete in disco-updates
Obsolete in disco-security
file (1:5.35-4ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- Marc Deslauriers <email address hidden>  Tue, 29 Oct 2019 12:49:38 -0400
Obsolete in eoan-updates
Obsolete in eoan-security
file (1:5.37-5ubuntu0.1) eoan-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
    - debian/patches/CVE-2019-18218.patch: limit the number of elements in
      a vector in src/cdf.*.
    - CVE-2019-18218

 -- Marc Deslauriers <email address hidden>  Tue, 29 Oct 2019 12:47:32 -0400
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
file (1:5.37-6) unstable; urgency=high

  * Cherry-pick commit to restrict the number of CDF_VECTOR elements.
    Closes: #942830 [CVE-2019-18218]

 -- Christoph Biedl <email address hidden>  Tue, 22 Oct 2019 21:05:34 +0200

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
file (1:5.37-5) unstable; urgency=medium

  * Re-disable seccomp support, not feasible. Closes: #932480,
    #932481, #932762, #932947

 -- Christoph Biedl <email address hidden>  Fri, 26 Jul 2019 16:20:28 +0200

Superseded in eoan-proposed
file (1:5.37-4) unstable; urgency=medium

  * Cherry-pick two commits that fine-tune seccomp handling
  * Allow syscalls made by libfakeroot. Closes: #932762

 -- Christoph Biedl <email address hidden>  Tue, 23 Jul 2019 01:34:12 +0200

Superseded in eoan-proposed
file (1:5.37-3) unstable; urgency=medium

  * Cherry-pick "Always support the --no-sandbox option"

 -- Christoph Biedl <email address hidden>  Fri, 19 Jul 2019 23:33:03 +0200

Deleted in eoan-proposed (Reason: NBS)
file (1:5.37-2) unstable; urgency=medium

  * New upstream version 5.37, upload to unstable
  * Refine seccomp support. Closes: #931985
  * Cherry-pick "Add lzma decompression support"
  * Cherry-pick "Add lzma and bzip built-in decompression support"

 -- Christoph Biedl <email address hidden>  Fri, 19 Jul 2019 16:18:13 +0200
Superseded in xenial-updates
Superseded in xenial-security
file (1:5.25-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907

 -- Marc Deslauriers <email address hidden>  Wed, 13 Mar 2019 12:49:55 -0400
Obsolete in cosmic-updates
Obsolete in cosmic-security
file (1:5.34-2ubuntu0.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: buffer over-read in do_bid_note
    - debian/patches/CVE-2019-8904-pre.patch: correct error handling for
      file_printf() in src/readelf.c.
    - debian/patches/CVE-2019-8904.patch: avoid non-nul-terminated string
      read in src/readelf.c.
    - CVE-2019-8904
  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907
  * SECURITY UPDATE: out-of-bounds read in do_core_note
    - debian/patches/CVE-2019-8906.patch: add bounds check in
      src/readelf.c.
    - CVE-2019-8906

 -- Marc Deslauriers <email address hidden>  Wed, 13 Mar 2019 11:58:20 -0400
Superseded in bionic-updates
Superseded in bionic-security
file (1:5.32-2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907
  * SECURITY UPDATE: out-of-bounds read in do_core_note
    - debian/patches/CVE-2019-8906.patch: add bounds check in
      src/readelf.c.
    - CVE-2019-8906

 -- Marc Deslauriers <email address hidden>  Wed, 13 Mar 2019 12:43:04 -0400
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
file (1:5.35-4) unstable; urgency=medium

  * Cherry-pick fix for JSON detection. Closes: 922874

 -- Christoph Biedl <email address hidden>  Sat, 02 Mar 2019 08:05:54 +0100

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
file (1:5.35-2) unstable; urgency=medium

  * Upload to unstable
  * Clarify manpage: seccomp is disabled for the time being (#917930)

 -- Christoph Biedl <email address hidden>  Fri, 11 Jan 2019 17:26:27 +0100

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
file (1:5.34-2) unstable; urgency=medium

  * Cherry-pick from upstream: Handle [elf] files without program
    headers gracefully. Closes: #882310

 -- Christoph Biedl <email address hidden>  Sun, 05 Aug 2018 19:53:19 +0200

Published in trusty-updates
Published in trusty-security
file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of notes or long
    string
    - debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code
      changes.
    - debian/patches/CVE-2014-962x-1.patch: add a limit to the number of
      ELF notes processed in doc/file.man, doc/libmagic.man,
      src/apprentice.c, src/elfclass.h, src/file.c, src/file.h,
      src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
    - debian/patches/CVE-2014-962x-2.patch: limit string printing to 100
      chars, and add flags in src/readelf.c.
    - CVE-2014-9620
    - CVE-2014-9621
  * SECURITY UPDATE: denial of service via crafted ELF file
    - debian/patches/CVE-2014-9653.patch: bail out on partial reads in
      src/readelf.c.
    - CVE-2014-9653
  * SECURITY UPDATE: memory corruption in file_check_mem.
    - debian/patches/CVE-2015-8865.patch: properly calculate length in
      src/funcs.c.
    - CVE-2015-8865
  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jun 2018 14:45:30 -0400
Superseded in bionic-updates
Superseded in bionic-security
file (1:5.32-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jun 2018 13:09:39 -0400
Obsolete in artful-updates
Obsolete in artful-security
file (1:5.32-1ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jun 2018 13:11:07 -0400
Superseded in xenial-updates
Superseded in xenial-security
file (1:5.25-2ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

 -- Marc Deslauriers <email address hidden>  Wed, 13 Jun 2018 13:11:41 -0400
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
file (1:5.33-3) unstable; urgency=high

  * Avoid reading past the end of buffer. Closes: #901351
    [CVE-2018-10360]

 -- Christoph Biedl <email address hidden>  Mon, 11 Jun 2018 22:52:24 +0200

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
file (1:5.33-2) unstable; urgency=medium

  * Recognize ia64 and amd64 COFF files. Closes: #877643
  * Disable erroneous DBPF detection that breaks SQLite and some
    more. Closes: 897153

 -- Christoph Biedl <email address hidden>  Sun, 29 Apr 2018 12:13:32 +0200

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
file (1:5.32-2) unstable; urgency=medium

  * No longer ship python-magic libraries, they are now provided
    by src:python-magic

 -- Christoph Biedl <email address hidden>  Tue, 13 Feb 2018 21:43:38 +0100

Obsolete in zesty-updates
Obsolete in zesty-security
file (1:5.29-3ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow when processing elf files
    - debian/patches/CVE-2017-1000249.patch: correct logic of size check
    - CVE-2017-1000249

 -- Steve Beattie <email address hidden>  Thu, 07 Sep 2017 11:09:08 -0700
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
file (1:5.32-1) unstable; urgency=high

  * New upstream version 5.32

 -- Christoph Biedl <email address hidden>  Mon, 04 Sep 2017 18:20:35 +0200

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
file (1:5.31-1) unstable; urgency=medium

  * New upstream version 5.31

 -- Christoph Biedl <email address hidden>  Sun, 06 Aug 2017 17:29:56 +0200

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
file (1:5.30-1) unstable; urgency=high

  * New upstream version 5.30
  * Cherry-pick commits that fix issues found by oss-fuzz
  * Revert new features introduced since 1:5.29-3

 -- Christoph Biedl <email address hidden>  Sat, 29 Apr 2017 10:57:11 +0200

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
file (1:5.29-3) unstable; urgency=medium

  * Restore full local.support-local-definitions-in-etc-magic patch.
    Closes: #852476
  * Include all upstream commits since the 5.29 release
  * Improve detection of Flash data. Closes: #838860

 -- Christoph Biedl <email address hidden>  Thu, 26 Jan 2017 00:29:24 +0100

Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
file (1:5.29-2) unstable; urgency=medium

  * Include all upstream commits since the 5.29 release. Addresses:
    - Detect compiled YARA rules. Closes: #833872
    - Detect old Word for Mac documents. Closes: #842117
  * Disable detection of Algol68 files, way too many false positives

 -- Christoph Biedl <email address hidden>  Tue, 13 Dec 2016 16:06:43 +0100
Superseded in zesty-proposed
file (1:5.29-1) unstable; urgency=medium

  * New upstream version 5.28. Addresses (in order of appearance):
    - "no read permission" if read from empty pipe. Closes: #508963
    - Mistakes Hungarian text as dos executables. Closes: #641012
    - Does not recognize some GPG key public rings. Closes: #729286
    - Show more information for MySQL files. Closes: #751826
    - Linux kernel version string truncated. Closes: #756949
    - Document file's '-d' option. Closes: #764462
    - Detect JPEG-XR. Closes: #771303
    - Detect Material exchange container format (mxf). Closes: #782744
    - Strengthen detection of Embedded OpenType (EOT). Closes: #784572
    - Mistakes some text as bitmap. Closes: #799352
    - Detect swp files from nano, vim, and kate. Closes: #803219
    - Mistakes some SVG files as HTML. Closes: #829199
  * Fix FTCBFS: Remove stage1 profile in favour of a proper arch/indep
    split. Thanks Helmut Grohne. Closes: #841030

 -- Christoph Biedl <email address hidden>  Tue, 25 Oct 2016 21:09:24 +0200
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
file (1:5.28-2ubuntu1) yakkety; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
file (1:5.25-2ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
file (1:5.22+15-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.
  * Dropped patches included in new version:
    - debian/patches/CVE-2014-3710.patch
    - debian/patches/CVE-2014-8116.patch
    - debian/patches/CVE-2014-8117.patch
    - debian/patches/pr398-truncate-pascal-strings.patch

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
file (1:5.20-1ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/apprentice.c, src/file.c,
      src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
      src/magic.h.in, src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
  * debian/libmagic1.symbols: added new symbols
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 08:28:35 -0500
Obsolete in utopic-updates
Obsolete in utopic-security
file (1:5.19-1ubuntu1.2) utopic-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/apprentice.c, src/file.c,
      src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
      src/magic.h.in, src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
  * debian/libmagic1.symbols: added new symbols
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 08:50:57 -0500
Obsolete in lucid-updates
Obsolete in lucid-security
file (5.03-5ubuntu1.5) lucid-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/file.{c,h},
      src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
      src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 10:35:33 -0500
Superseded in trusty-updates
Superseded in trusty-security
file (1:5.14-2ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/apprentice.c, src/file.c,
      src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
      src/magic.h.in, src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
  * debian/libmagic1.symbols: added new symbols
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 09:23:18 -0500
Superseded in precise-updates
Superseded in precise-security
file (5.09-2ubuntu0.6) precise-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of note headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/file.{c,h},
      src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
      src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 10:10:29 -0500
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
file (1:5.20-1ubuntu1) vivid; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.

Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
file (1:5.19-1ubuntu1.1) utopic-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587
 -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:29:53 -0700
Superseded in trusty-updates
Superseded in trusty-security
file (1:5.14-2ubuntu3.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587
 -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:33:26 -0700
Superseded in precise-updates
Superseded in precise-security
file (5.09-2ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587
 -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:34:57 -0700

Superseded in lucid-updates
Superseded in lucid-security
file (5.03-5ubuntu1.4) lucid-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587
 -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:36:31 -0700

Superseded in precise-updates
Superseded in precise-security
file (5.09-2ubuntu0.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 12:00:51 -0400
Superseded in lucid-updates
Superseded in lucid-security
file (5.03-5ubuntu1.3) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 12:20:21 -0400
Obsolete in saucy-updates
Obsolete in saucy-security
file (5.11-2ubuntu4.3) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
  * debian/patches/commands-strength.patch: reduce strength of awk rule so
    it doesn't get priority over perl scripts.
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 11:56:29 -0400
Superseded in trusty-updates
Superseded in trusty-security
file (1:5.14-2ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
  * debian/patches/commands-strength.patch: reduce strength of awk rule so
    it doesn't get priority over perl scripts.

 -- Marc Deslauriers <email address hidden>  Thu, 10 Jul 2014 09:40:56 -0400
Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
file (1:5.19-1ubuntu1) utopic; urgency=medium

  * Merge with Debian; remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.
    - Recognize python3.4 byte code.

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
file (1:5.18-1ubuntu1) utopic; urgency=medium

  * Merge with Debian; remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.
    - Recognize python3.4 byte code.
  * Dropped upstreamed patches:
    - debian/patches/CVE-2014-2270.patch
    - debian/patches/CVE-2013-1943.patch

Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
file (1:5.14-2ubuntu3) trusty; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 13:27:40 -0400
Obsolete in quantal-updates
Obsolete in quantal-security
file (5.11-2ubuntu0.2) quantal-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 13:32:55 -0400
Superseded in precise-updates
Superseded in precise-security
file (5.09-2ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 13:34:02 -0400
Superseded in lucid-updates
Superseded in lucid-security
file (5.03-5ubuntu1.2) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 13:35:22 -0400
Superseded in saucy-updates
Superseded in saucy-security
file (5.11-2ubuntu4.2) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 13:32:25 -0400
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
file (1:5.14-2ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
    - CVE-2013-1943

 -- Marc Deslauriers <email address hidden>  Mon, 24 Feb 2014 11:23:34 -0500
Superseded in precise-updates
Superseded in precise-security
file (5.09-2ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted CDF file
    - debian/patches/CVE-2012-1571.patch:
    - CVE-2012-1571
  * SECURITY UPDATE: denial of service via crafted indirect offset value
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
    - CVE-2013-1943

 -- Marc Deslauriers <email address hidden>  Wed, 26 Feb 2014 10:10:03 -0500