-
file (5.03-5ubuntu1.5) lucid-security; urgency=medium
* SECURITY UPDATE: DoS via insufficient note headers
- debian/patches/CVE-2014-3710.patch: handle running out of not headers
in src/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: DoS in ELF parser
- debian/patches/CVE-2014-8116.patch: limit number of headers and
capabilities in src/elfclass.h, src/readelf.c.
- CVE-2014-8116
* SECURITY UPDATE: DoS via missing recursion limits
- debian/patches/CVE-2014-8117.patch: lower recursion level and allow
it to be set from the command line in src/file.{c,h},
src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
src/softmagic.c, add new option to documentation in
doc/file.man, doc/libmagic.man.
- CVE-2014-8117
-- Marc Deslauriers <email address hidden> Tue, 27 Jan 2015 10:35:33 -0500
-
file (5.03-5ubuntu1.4) lucid-security; urgency=medium
* SECURITY UPDATE: buffer underflow in CDF file identification
- debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
abort on buffer underflows.
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 27 Aug 2014 23:36:31 -0700
-
file (5.03-5ubuntu1.3) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via awk rule backtracking
- debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
magic/Magdir/commands.
- CVE-2013-7345
* SECURITY UPDATE: denial of service in cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in cdf_check_stream_offset
- debian/patches/CVE-2014-3479.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3479
* SECURITY UPDATE: denial of service in cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service in cdf_read_property_info
- debian/patches/CVE-2014-3487.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3487
-- Marc Deslauriers <email address hidden> Thu, 10 Jul 2014 12:20:21 -0400
-
file (5.03-5ubuntu1.2) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted offset in PE executable
- debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
- CVE-2014-2270
-- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 13:35:22 -0400
-
file (5.03-5ubuntu1.1) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted CDF file
- debian/patches/CVE-2012-1571.patch:
- CVE-2012-1571
* SECURITY UPDATE: denial of service via crafted indirect offset value
- debian/patches/CVE-2013-1943.patch: properly handle recursion in
src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
- CVE-2013-1943
-- Marc Deslauriers <email address hidden> Mon, 24 Feb 2014 13:33:26 -0500
-
file (5.03-5ubuntu1) lucid; urgency=low
* Fix recognition of mime-type application/x-iso9660-image (LP: 458677)
- add debian/patches/300-magic-fix-iso9660-image.patch
* Fix bad tabs for OpenSSH DSA/RSA public keys (LP: 533553)
- fix debian/patches/208-magic-add-ssh.patch
-- TJ <email address hidden> Sat, 6 Mar 2010 23:30:00 +0000
-
file (5.03-5) unstable; urgency=low
* Adding explicit debian source version 1.0 until switch to 3.0.
* Updating setup.py calls in rules for python2.6 again, thanks to
Jakub Wilk <email address hidden> (Closes: #555208).
-- Bhavani Shankar <email address hidden> Mon, 04 Jan 2010 19:45:32 +0000
-
file (5.03-4ubuntu1) lucid; urgency=low
* Add --install-layout=deb to Python install rules for dist-packages
compatibility
-- Scott Kitterman <email address hidden> Tue, 22 Dec 2009 23:35:40 -0500
-
file (5.03-4) unstable; urgency=low
* Adding README.source.
* Adding patch to add new magic for Lyx (Closes: #556194).
* Adding patch from Adam Buchbinder <email address hidden> to add
new magic for bacula volumes (Closes: #556981).
* Adding patch from Adam Buchbinder <email address hidden> to add
new magic for olympus orf files (Closes: #519305).
* Adding patch from Josh Triplett <email address hidden> to add new
magic for gstreamer binary registry files (Closes: #559117).
* Adding patch from Daniel Novotny <email address hidden> to add new
magic for MDMP crash report data files.
* Adding patch from Daniel Novotny <email address hidden> to add update
magic for postscript fonts.
* Adding patch from Daniel Novotny <email address hidden> to add new
magic for xfs dumps.
* Adding patch from Daniel Novotny <email address hidden> to add new
magic for ppc swapfiles.
* Adding patch from Daniel Novotny <email address hidden> to add new
magic for delta iso files.
* Adding patch from Daniel Novotny <email address hidden> to add new
magic for delta rpm files.
* Adding patch from Alexander Danilov <email address hidden>
to add new magic for AVCHD Clip Information files (Closes: #538847).
* Adding patch to add new magic for Chiasmus (Closes: #540368).
* Adding patch from Adam Buchbinder <email address hidden> to
update magic for truetype collections (Closes: #545709).
* Adding patch from Joerg Friedrich <email address hidden>
to add support for all flags from magic.h in python-magic (Closes:
#529354).
* Adding patch from Adam Buchbinder <email address hidden> to add
new magic for HDR formats (Closes: #520416).
* Adding patch from Adam Buchbinder <email address hidden> to add
new magic for Foveon X3F (Closes: #516800).
* Adding patch from Adam Buchbinder <email address hidden> to add
new magic for Paint.NET images (Closes: #504779).
* Adding patch to add mime type for 7-zip files (Closes: #552742).
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 Dec 2009 08:42:57 +0000
-
file (5.03-3) unstable; urgency=low
* Updating tgif magic, thanks to Hugo Graumann <email address hidden>
(Closes: #549601).
* Enabling nut magic patch.
* Correcting wrong vcs-browser field.
* Updating setup.py calls in rules for python2.6, thanks to Piotr
Ozarowski <email address hidden> (Closes: #555208).
file (5.03-2) unstable; urgency=low
* Adding patch from Adam Buchbinder <email address hidden> to add
new magic for the NUT Container format (Closes: #528242).
* Adding patch from Alan Woodland <email address hidden> to add new magic
for BLCR context files (Closes: #538407).
* Updating standards version to 3.8.3.
* Updating maintainer field.
* Updating vcs fields.
-- Bhavani Shankar <email address hidden> Fri, 04 Dec 2009 22:49:12 +0000
-
file (5.03-1ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
- call setup.py --install with --install-layout=deb
(otherwise the build will end up in /usr/local/python2.6/dist-packages)
file (5.03-1) unstable; urgency=high
* Merging upstream version 5.03:
- Fixes more buffer overflows.
-- Muharem Hrnjadovic <email address hidden> Wed, 13 May 2009 18:29:24 +0200