-
file (1:5.25-2ubuntu1.4) xenial-security; urgency=medium
* SECURITY REGRESSION: truncated interpreter name (LP: #1835596)
- debian/patches/CVE-2019-8905_8907.patch: updated to use correct
length in src/readelf.c.
-- Marc Deslauriers <email address hidden> Tue, 12 May 2020 09:33:55 -0400
-
file (1:5.25-2ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
- debian/patches/CVE-2019-18218.patch: limit the number of elements in
a vector in src/cdf.*.
- CVE-2019-18218
-- Marc Deslauriers <email address hidden> Tue, 29 Oct 2019 12:51:38 -0400
-
file (1:5.25-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: overflows in do_core_note
- debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
- CVE-2019-8905
- CVE-2019-8907
-- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 12:49:55 -0400
-
file (1:5.25-2ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read via crafted ELF file
- debian/patches/CVE-2018-10360.patch: add bounds check to
src/readelf.c.
- CVE-2018-10360
-- Marc Deslauriers <email address hidden> Wed, 13 Jun 2018 13:11:41 -0400
-
file (1:5.25-2ubuntu1) xenial; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Adjust python build dependencies for cross builds.
- Allow the package to cross-build.
file (1:5.25-2) unstable; urgency=medium
* Fix --mime-encoding. Closes: #799690
file (1:5.25-1) unstable; urgency=low
* New upstream version 5.25
* Import important commits post 5.25 release:
- PR/479: check the format length modifiers, protect against
0-divide and offset out of bounds reads
- print annotations
* Disable detection of VAX COFF executables. Closes: #697846
file (1:5.24-2) unstable; urgency=medium
* Fix handling of file's --parameter option. Closes: #798410
* Fix strength of Python script detection. Closes: #698569, #798796
file (1:5.24-1) unstable; urgency=low
* New upstream version 5.24. Addresses:
- mistakes some PDFs, Closes: #520098
- '#!' should have a bigger strength, Closes: #698569
* Update build dependencies:
- dh-python
- Recent dpkg-dev version for minimal restriction formula support
-- Marc Deslauriers <email address hidden> Fri, 20 Nov 2015 08:44:40 -0500
-
file (1:5.22+15-2ubuntu1) wily; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Adjust python build dependencies for cross builds.
- Allow the package to cross-build.
* Dropped patches included in new version:
- debian/patches/CVE-2014-3710.patch
- debian/patches/CVE-2014-8116.patch
- debian/patches/CVE-2014-8117.patch
- debian/patches/pr398-truncate-pascal-strings.patch
file (1:5.22+15-2) unstable; urgency=medium
* Restore detection of some jpeg files. Closes: #780095
file (1:5.22+15-1) unstable; urgency=high
* Use upstream commit FILE5_22-11-ge452600 to include yet another
security fix (PR/411).
file (1:5.22+2-1) unstable; urgency=medium
* New upstream version. Closes: #774219
* Use upstream commit FILE5_22-2-g9f0601f to include all recent
fixes.
file (1:5.21+15-1) unstable; urgency=high
* Fixes a security issue, urgency set to high
* New upstream version 5.21
- Limit number of elf program and sections processing
- Reduce the number of recursion levels
Closes: #773148 (CVE-2014-8116, CVE-2014-8117)
* Use upstream commit FILE5_21-15-ge7e96a9 to include all recent
fixes.
file (1:5.20-2) unstable; urgency=high
* Fixes a security issue, urgency set to high
* Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
Fix note bounds reading, Francisco Alonso / Red Hat (CVE-2014-3710).
Closes: #768806
-- Marc Deslauriers <email address hidden> Thu, 21 May 2015 08:33:43 -0400