diff -Nru file-5.32/debian/changelog file-5.32/debian/changelog
--- file-5.32/debian/changelog	2018-06-13 17:09:39.000000000 +0000
+++ file-5.32/debian/changelog	2019-03-13 16:43:04.000000000 +0000
@@ -1,3 +1,17 @@
+file (1:5.32-2ubuntu0.2) bionic-security; urgency=medium
+
+  * SECURITY UPDATE: overflows in do_core_note
+    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
+      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
+    - CVE-2019-8905
+    - CVE-2019-8907
+  * SECURITY UPDATE: out-of-bounds read in do_core_note
+    - debian/patches/CVE-2019-8906.patch: add bounds check in
+      src/readelf.c.
+    - CVE-2019-8906
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 13 Mar 2019 12:43:04 -0400
+
 file (1:5.32-2ubuntu0.1) bionic-security; urgency=medium
 
   * SECURITY UPDATE: out-of-bounds read via crafted ELF file
diff -Nru file-5.32/debian/patches/CVE-2019-8905_8907.patch file-5.32/debian/patches/CVE-2019-8905_8907.patch
--- file-5.32/debian/patches/CVE-2019-8905_8907.patch	1970-01-01 00:00:00.000000000 +0000
+++ file-5.32/debian/patches/CVE-2019-8905_8907.patch	2019-03-13 16:41:37.000000000 +0000
@@ -0,0 +1,115 @@
+Backport of:
+
+From d65781527c8134a1202b2649695d48d5701ac60b Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 18 Feb 2019 17:46:56 +0000
+Subject: [PATCH] PR/62: spinpx: limit size of file_printable.
+
+---
+ src/file.h      |  4 ++--
+ src/funcs.c     |  9 +++++----
+ src/readelf.c   |  7 ++++---
+ src/softmagic.c | 14 ++++++++------
+ 4 files changed, 19 insertions(+), 15 deletions(-)
+
+Index: file-5.32/src/file.h
+===================================================================
+--- file-5.32.orig/src/file.h	2019-03-13 12:38:58.854781641 -0400
++++ file-5.32/src/file.h	2019-03-13 12:38:58.842781596 -0400
+@@ -491,7 +491,7 @@ protected int file_looks_utf8(const unsi
+     size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+     size_t);
+Index: file-5.32/src/funcs.c
+===================================================================
+--- file-5.32.orig/src/funcs.c	2019-03-13 12:38:58.854781641 -0400
++++ file-5.32/src/funcs.c	2019-03-13 12:38:58.842781596 -0400
+@@ -581,12 +581,13 @@ file_pop_buffer(struct magic_set *ms, fi
+  * convert string to ascii printable format.
+  */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+-	char *ptr, *eptr;
++	char *ptr, *eptr = buf + bufsiz - 1;
+ 	const unsigned char *s = (const unsigned char *)str;
++	const unsigned char *es = s + slen;
+ 
+-	for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++	for (ptr = buf;  ptr < eptr && s < es && *s; s++) {
+ 		if (isprint(*s)) {
+ 			*ptr++ = *s;
+ 			continue;
+Index: file-5.32/src/readelf.c
+===================================================================
+--- file-5.32.orig/src/readelf.c	2019-03-13 12:38:58.854781641 -0400
++++ file-5.32/src/readelf.c	2019-03-13 12:39:43.450945506 -0400
+@@ -725,7 +725,7 @@ do_core_note(struct magic_set *ms, unsig
+ 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
+ 			    file_printable(sbuf, sizeof(sbuf),
+-			    CAST(char *, pi.cpi_name)),
++			    RCAST(char *, pi.cpi_name), sizeof(pi.cpi_name)),
+ 			    elf_getu32(swap, pi.cpi_pid),
+ 			    elf_getu32(swap, pi.cpi_euid),
+ 			    elf_getu32(swap, pi.cpi_egid),
+@@ -1564,7 +1564,8 @@ dophn_exec(struct magic_set *ms, int cla
+ 		return -1;
+ 	if (interp[0])
+ 		if (file_printf(ms, ", interpreter %s",
+-		    file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++		    file_printable(ibuf, sizeof(ibuf), interp, sizeof(interp)))
++			== -1)
+ 			return -1;
+ 	return 0;
+ }
+Index: file-5.32/src/softmagic.c
+===================================================================
+--- file-5.32.orig/src/softmagic.c	2019-03-13 12:38:58.854781641 -0400
++++ file-5.32/src/softmagic.c	2019-03-13 12:41:26.723323004 -0400
+@@ -544,8 +544,8 @@ mprint(struct magic_set *ms, struct magi
+   	case FILE_LESTRING16:
+ 		if (m->reln == '=' || m->reln == '!') {
+ 			if (file_printf(ms, F(ms, m, "%s"), 
+-			    file_printable(sbuf, sizeof(sbuf), m->value.s))
+-			    == -1)
++			    file_printable(sbuf, sizeof(sbuf), m->value.s,
++			    sizeof(m->value.s))) == -1)
+ 				return -1;
+ 			t = ms->offset + m->vallen;
+ 		}
+@@ -572,7 +572,8 @@ mprint(struct magic_set *ms, struct magi
+ 			}
+ 
+ 			if (file_printf(ms, F(ms, m, "%s"),
+-			    file_printable(sbuf, sizeof(sbuf), str)) == -1)
++			    file_printable(sbuf, sizeof(sbuf), str,
++				sizeof(p->s) - (str - p->s))) == -1)
+ 				return -1;
+ 
+ 			if (m->type == FILE_PSTRING)
+@@ -678,7 +679,7 @@ mprint(struct magic_set *ms, struct magi
+ 			return -1;
+ 		}
+ 		rval = file_printf(ms, F(ms, m, "%s"),
+-		    file_printable(sbuf, sizeof(sbuf), cp));
++		    file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+ 		free(cp);
+ 
+ 		if (rval == -1)
+@@ -705,7 +706,8 @@ mprint(struct magic_set *ms, struct magi
+ 		break;
+ 	case FILE_DER:
+ 		if (file_printf(ms, F(ms, m, "%s"), 
+-		    file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++		    file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++			sizeof(ms->ms_value.s))) == -1)
+ 			return -1;
+ 		t = ms->offset;
+ 		break;
diff -Nru file-5.32/debian/patches/CVE-2019-8906.patch file-5.32/debian/patches/CVE-2019-8906.patch
--- file-5.32/debian/patches/CVE-2019-8906.patch	1970-01-01 00:00:00.000000000 +0000
+++ file-5.32/debian/patches/CVE-2019-8906.patch	2019-03-13 16:43:00.000000000 +0000
@@ -0,0 +1,22 @@
+From 2858eaf99f6cc5aae129bcbf1e24ad160240185f Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Wed, 2 Jan 2019 19:44:14 +0000
+Subject: [PATCH] Avoid OOB read (found by ASAN reported by F. Alonso)
+
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: file-5.32/src/readelf.c
+===================================================================
+--- file-5.32.orig/src/readelf.c	2019-03-13 12:42:58.579656793 -0400
++++ file-5.32/src/readelf.c	2019-03-13 12:42:58.579656793 -0400
+@@ -720,7 +720,7 @@ do_core_note(struct magic_set *ms, unsig
+ 			char sbuf[512];
+ 			struct NetBSD_elfcore_procinfo pi;
+ 			memset(&pi, 0, sizeof(pi));
+-			memcpy(&pi, nbuf + doff, descsz);
++			memcpy(&pi, nbuf + doff, MIN(descsz, sizeof(pi)));
+ 
+ 			if (file_printf(ms, ", from '%.31s', pid=%u, uid=%u, "
+ 			    "gid=%u, nlwps=%u, lwp=%u (signal %u/code %u)",
diff -Nru file-5.32/debian/patches/series file-5.32/debian/patches/series
--- file-5.32/debian/patches/series	2018-06-13 17:09:32.000000000 +0000
+++ file-5.32/debian/patches/series	2019-03-13 16:42:57.000000000 +0000
@@ -8,3 +8,5 @@
 local.disable-detection-of-vax-coff-executables.patch
 local.disable-algol68-detection.patch
 CVE-2018-10360.patch
+CVE-2019-8905_8907.patch
+CVE-2019-8906.patch