file 1:5.34-2ubuntu0.1 source package in Ubuntu

Changelog

file (1:5.34-2ubuntu0.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: buffer over-read in do_bid_note
    - debian/patches/CVE-2019-8904-pre.patch: correct error handling for
      file_printf() in src/readelf.c.
    - debian/patches/CVE-2019-8904.patch: avoid non-nul-terminated string
      read in src/readelf.c.
    - CVE-2019-8904
  * SECURITY UPDATE: overflows in do_core_note
    - debian/patches/CVE-2019-8905_8907.patch: limit size of file_printable
      in src/file.h, src/funcs.c, src/readelf.c, src/softmagic.c.
    - CVE-2019-8905
    - CVE-2019-8907
  * SECURITY UPDATE: out-of-bounds read in do_core_note
    - debian/patches/CVE-2019-8906.patch: add bounds check in
      src/readelf.c.
    - CVE-2019-8906

 -- Marc Deslauriers <email address hidden>  Wed, 13 Mar 2019 11:58:20 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2019-03-13
Uploaded to:
Cosmic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Cosmic updates on 2019-03-18 main utils
Cosmic security on 2019-03-18 main utils

Downloads

File Size SHA-256 Checksum
file_5.34.orig.tar.xz 630.1 KiB b83618b2b1e269d65a28b068460add53a690e53fa11c53174df293bb04d231b2
file_5.34-2ubuntu0.1.debian.tar.xz 35.5 KiB cbdaf035ef5c2c30b0e875742b91f2707de3846286d1ecaa12a3f2b4df349498
file_5.34-2ubuntu0.1.dsc 2.0 KiB c79bb4139d6823eda991f176f600614709ac74dd671cc2fd695d17112c7e1750

View changes file

Binary packages built by this source

file: Recognize the type of data in a file using "magic" numbers

 The file command is "a file type guesser", a command-line tool that
 tells you in words what kind of data a file contains.
 .
 This package contains the file program itself.

file-dbgsym: debug symbols for file
libmagic-dev: Recognize the type of data in a file using "magic" numbers - development

 This library can be used to classify files according to magic number
 tests.
 .
 This package contains the development files.

libmagic-mgc: File type determination library using "magic" numbers (compiled magic file)

 This package provides the compiled magic file "magic.mgc". It has
 been separated from libmagic1 in order to meet the multiarch
 requirements without breaking applications that expect this file
 at its absolute path.

libmagic1: Recognize the type of data in a file using "magic" numbers - library

 This library can be used to classify files according to magic number
 tests. It implements the core functionality of the file command.

libmagic1-dbgsym: debug symbols for libmagic1