Ubuntu
file package

Change logs for file source package in Lucid

Lucid (10.04)
Change log

file (5.03-5ubuntu1.5) lucid-security; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of not headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/file.{c,h},
      src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
      src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 10:35:33 -0500

file (5.03-5ubuntu1.4) lucid-security; urgency=medium

  * SECURITY UPDATE: buffer underflow in CDF file identification
    - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
      abort on buffer underflows.
    - CVE-2014-3587
 -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:36:31 -0700

file (5.03-5ubuntu1.3) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 12:20:21 -0400

file (5.03-5ubuntu1.2) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted offset in PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden>   Thu, 03 Apr 2014 13:35:22 -0400

file (5.03-5ubuntu1.1) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted CDF file
    - debian/patches/CVE-2012-1571.patch:
    - CVE-2012-1571
  * SECURITY UPDATE: denial of service via crafted indirect offset value
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
    - CVE-2013-1943
 -- Marc Deslauriers <email address hidden>   Mon, 24 Feb 2014 13:33:26 -0500

file (5.03-5ubuntu1) lucid; urgency=low

  * Fix recognition of mime-type application/x-iso9660-image (LP: 458677)
    - add debian/patches/300-magic-fix-iso9660-image.patch
  * Fix bad tabs for OpenSSH DSA/RSA public keys (LP: 533553)
    - fix debian/patches/208-magic-add-ssh.patch
 -- TJ <email address hidden>   Sat, 6 Mar 2010 23:30:00 +0000

file (5.03-5) unstable; urgency=low

  * Adding explicit debian source version 1.0 until switch to 3.0.
  * Updating setup.py calls in rules for python2.6 again, thanks to
    Jakub Wilk <email address hidden> (Closes: #555208).
 -- Bhavani Shankar <email address hidden>   Mon,  04 Jan 2010 19:45:32 +0000

file (5.03-4ubuntu1) lucid; urgency=low

  * Add --install-layout=deb to Python install rules for dist-packages
    compatibility
 -- Scott Kitterman <email address hidden>   Tue, 22 Dec 2009 23:35:40 -0500

file (5.03-4) unstable; urgency=low

  * Adding README.source.
  * Adding patch to add new magic for Lyx (Closes: #556194).
  * Adding patch from Adam Buchbinder <email address hidden> to add
    new magic for bacula volumes (Closes: #556981).
  * Adding patch from Adam Buchbinder <email address hidden> to add
    new magic for olympus orf files (Closes: #519305).
  * Adding patch from Josh Triplett <email address hidden> to add new
    magic for gstreamer binary registry files (Closes: #559117).
  * Adding patch from Daniel Novotny <email address hidden> to add new
    magic for MDMP crash report data files.
  * Adding patch from Daniel Novotny <email address hidden> to add update
    magic for postscript fonts.
  * Adding patch from Daniel Novotny <email address hidden> to add new
    magic for xfs dumps.
  * Adding patch from Daniel Novotny <email address hidden> to add new
    magic for ppc swapfiles.
  * Adding patch from Daniel Novotny <email address hidden> to add new
    magic for delta iso files.
  * Adding patch from Daniel Novotny <email address hidden> to add new
    magic for delta rpm files.
  * Adding patch from Alexander Danilov <email address hidden>
    to add new magic for AVCHD Clip Information files (Closes: #538847).
  * Adding patch to add new magic for Chiasmus (Closes: #540368).
  * Adding patch from Adam Buchbinder <email address hidden> to
    update magic for truetype collections (Closes: #545709).
  * Adding patch from Joerg Friedrich <email address hidden>
    to add support for all flags from magic.h in python-magic (Closes:
    #529354).
  * Adding patch from Adam Buchbinder <email address hidden> to add
    new magic for HDR formats (Closes: #520416).
  * Adding patch from Adam Buchbinder <email address hidden> to add
    new magic for Foveon X3F (Closes: #516800).
  * Adding patch from Adam Buchbinder <email address hidden> to add
    new magic for Paint.NET images (Closes: #504779).
  * Adding patch to add mime type for 7-zip files (Closes: #552742).
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  18 Dec 2009 08:42:57 +0000

file (5.03-3) unstable; urgency=low

  * Updating tgif magic, thanks to Hugo Graumann <email address hidden>
    (Closes: #549601).
  * Enabling nut magic patch.
  * Correcting wrong vcs-browser field.
  * Updating setup.py calls in rules for python2.6, thanks to Piotr
    Ozarowski <email address hidden> (Closes: #555208).

file (5.03-2) unstable; urgency=low

  * Adding patch from Adam Buchbinder <email address hidden> to add
    new magic for the NUT Container format (Closes: #528242).
  * Adding patch from Alan Woodland <email address hidden> to add new magic
    for BLCR context files (Closes: #538407).
  * Updating standards version to 3.8.3.
  * Updating maintainer field.
  * Updating vcs fields.
 -- Bhavani Shankar <email address hidden>   Fri,  04 Dec 2009 22:49:12 +0000

file (5.03-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - call setup.py --install with --install-layout=deb
      (otherwise the build will end up in /usr/local/python2.6/dist-packages)

file (5.03-1) unstable; urgency=high

  * Merging upstream version 5.03:
    - Fixes more buffer overflows.

 -- Muharem Hrnjadovic <email address hidden>   Wed, 13 May 2009 18:29:24 +0200

Ubuntufile package

Change logs for file source package in Lucid

Ubuntu
file package