Change logs for file source package in Precise

  • file (5.09-2ubuntu0.6) precise-security; urgency=medium
    
      * SECURITY UPDATE: DoS via insufficient note headers
        - debian/patches/CVE-2014-3710.patch: handle running out of not headers
          in src/readelf.c.
        - CVE-2014-3710
      * SECURITY UPDATE: DoS in ELF parser
        - debian/patches/CVE-2014-8116.patch: limit number of headers and
          capabilities in src/elfclass.h, src/readelf.c.
        - CVE-2014-8116
      * SECURITY UPDATE: DoS via missing recursion limits
        - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
          it to be set from the command line in src/file.{c,h},
          src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
          src/softmagic.c, add new option to documentation in
          doc/file.man, doc/libmagic.man.
        - CVE-2014-8117
      * SECURITY UPDATE: DoS via long pascal strings
        - debian/patches/pr398-truncate-pascal-strings.patch: correctly
          calculate size in src/softmagic.c.
        - No CVE number
     -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 10:10:29 -0500
  • file (5.09-2ubuntu0.5) precise-security; urgency=medium
    
      * SECURITY UPDATE: buffer underflow in CDF file identification
        - debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
          abort on buffer underflows.
        - CVE-2014-3587
     -- Seth Arnold <email address hidden>   Wed, 27 Aug 2014 23:34:57 -0700
  • file (5.09-2ubuntu0.4) precise-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via awk rule backtracking
        - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
          magic/Magdir/commands.
        - CVE-2013-7345
      * SECURITY UPDATE: denial of service in cdf_read_short_sector
        - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-0207
      * SECURITY UPDATE: denial of service in mconvert
        - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
          string size in src/softmagic.c.
        - CVE-2014-3478
      * SECURITY UPDATE: denial of service in cdf_check_stream_offset
        - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-3479
      * SECURITY UPDATE: denial of service in cdf_count_chain
        - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-3480
      * SECURITY UPDATE: denial of service in cdf_read_property_info
        - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
          src/cdf.c.
        - CVE-2014-3487
      * SECURITY UPDATE: denial of service via awk rule backtracking
        - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
          regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
          existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
          magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
          magic/Magdir/troff, update manpage in doc/magic.man.
        - CVE-2014-3538
     -- Marc Deslauriers <email address hidden>   Thu, 10 Jul 2014 12:00:51 -0400
  • file (5.09-2ubuntu0.3) precise-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via crafted offset in PE executable
        - debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
        - CVE-2014-2270
     -- Marc Deslauriers <email address hidden>   Thu, 03 Apr 2014 13:34:02 -0400
  • file (5.09-2ubuntu0.2) precise-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via crafted CDF file
        - debian/patches/CVE-2012-1571.patch:
        - CVE-2012-1571
      * SECURITY UPDATE: denial of service via crafted indirect offset value
        - debian/patches/CVE-2013-1943.patch: properly handle recursion in
          src/ascmagic.c, src/file.h, src/funcs.c, src/softmagic.c.
        - CVE-2013-1943
     -- Marc Deslauriers <email address hidden>   Wed, 26 Feb 2014 10:10:03 -0500
  • file (5.09-2) unstable; urgency=low
    
      * Adding build-arch and build-indep to rules.
      * Adding libmagic1 to depends of python-magic (Closes: #646004).
     -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  01 Nov 2011 10:32:43 +0000
  • file (5.09-1) unstable; urgency=low
    
      [ Daniel Baumann ]
      * Removing pre-squeeze conflicts against file in libmagic1.
      * Removing pre-squeeze version from python build-depends.
      * Merging upstream version 5.09.
    
      [ Judit Foglszinger ]
      * Removing magic-add-lrf.patch, went upstream.
      * Renaming doc-manpages.patch.
     -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  20 Oct 2011 06:27:36 +0000
  • file (5.08-1) unstable; urgency=low
    
    
      [ Judit Foglszinger ]
      * Merging upstream version 5.08 (Closes: #612742, #619225, #626340).
    
      [ Daniel Baumann ]
      * Adding patch from Sylvain Rabot <email address hidden> to add
        detection for shell scripts using /usr/bin/env in their shebang.
      * Removing magic-update-awk.patch, went upstream.
      * Removing magic-update-bash.patch, went upstream.
      * Removing magic-update-reiserfs.patch, went upstream.
      * Removing magic-update-tcsh.patch, went upstream.
      * Removing magic-update-zip.patch, went upstream.
      * Removing magic-update-real.patch, went upstream.
      * Removing magic-update-os2.patch, went upstream.
      * Removing magic-update-digifax.patch, went upstream.
      * Removing magic-update-mono.patch, went upstream.
      * Removing magic-update-pfm.patch, went upstream.
      * Removing magic-update-ocaml.patch, went upstream.
      * Removing magic-update-linuxswap.patch, went upstream.
      * Removing magic-update-linuxext.patch, went upstream.
      * Removing magic-update-llvm.patch, went upstream.
      * Removing magic-update-gimp.patch, went upstream.
      * Removing magic-update-wav.patch, went upstream.
      * Removing magic-update-z-machine.patch, went upstream.
      * Removing magic-update-xwd.patch, went upstream.
      * Removing magic-update-utf.patch, went upstream.
      * Removing magic-update-spectrum.patch, went upstream.
      * Removing magic-update-tgif.patch, went upstream.
      * Removing magic-update-truetype.patch, went upstream.
      * Removing magic-update-7zip.patch, went upstream.
      * Removing magic-update-lzma.patch, went upstream.
      * Removing magic-update-xz.patch, went upstream.
      * Removing magic-update-qemu.patch, went upstream.
      * Removing magic-update-psf2.patch, went upstream.
      * Removing magic-update-dyatic.patch, went upstream.
      * Removing magic-update-bio-rad.patch, went upstream.
      * Removing magic-update-icon.patch, went upstream.
      * Removing magic-add-par2.patch, went upstream.
      * Removing magic-add-pe5.patch, went upstream.
      * Removing magic-add-pdmenu.patch, went upstream.
      * Removing magic-add-powertab.patch, went upstream.
      * Removing magic-add-scummvm.patch, went upstream.
      * Removing magic-add-sgf.patch, went upstream.
      * Removing magic-add-sisu.patch, went upstream.
      * Removing magic-add-snes.patch, went upstream.
      * Removing magic-add-ssh.patch, went upstream.
      * Removing magic-add-ssl.patch, went upstream.
      * Removing magic-add-subversion.patch, went upstream.
      * Removing magic-add-supercollider.patch, went upstream.
      * Removing magic-add-xen.patch, went upstream.
      * Removing magic-add-xcursor.patch, went upstream.
      * Removing magic-add-freemind.patch, went upstream.
    
      [ Judit Foglszinger ]
      * Removing magic-add-qdbm.patch, went upstream.
      * Removing magic-add-tokyocabinet.patch, went upstream.
      * Removing magic-add-cromfs.patch, went upstream.
      * Removing magic-add-scribus.patch, went upstream.
      * Removing magic-add-selinux.patch, went upstream.
      * Removing magic-add-bzr.patch, went upstream.
      * Removing magic-add-git.patch, went upstream.
      * Removing magic-add-nut.patch, went upstream.
      * Removing magic-add-blcr.patch, went upstream.
      * Removing magic-add-lyx.patch, went upstream.
      * Removing magic-add-bacula.patch, went upstream.
      * Removing magic-add-olympus.patch, went upstream.
      * Removing magic-add-mdmp.patch, went upstream.
      * Removing magic-add-gstreamer.patch, went upstream.
      * Removing magic-add-xfsdump.patch, went upstream.
      * Removing magic-add-delta-iso.patch, went upstream.
      * Removing magic-add-delta-rpm.patch, went upstream.
      * Removing magic-add-avchd.patch, went upstream.
      * Removing magic-add-chiasmus.patch, went upstream.
      * Removing magic-add-hdr.patch, went upstream.
      * Removing magic-add-foveon-x3f.patch, went upstream.
      * Removing magic-add-paint-net.patch, went upstream.
      * Removing magic-add-dact.patch, went upstream.
      * Removing magic-add-datafork.patch, went upstream.
      * Removing magic-add-pdb.patch, went upstream.
      * Removing magic-add-gdsii.patch, went upstream.
      * Removing magic-add-canon.patch, went upstream.
      * Removing magic-add-jfs.patch, went upstream.
      * Removing magic-add-git-index.patch, went upstream.
      * Removing magic-add-erlang.patch, went upstream.
      * Removing magic-add-epub.patch, went upstream.
      * Removing magic-add-shebang.patch, went upstream.
      * Removing manpages-typo.patch, went upstream.
      * Removing manpages-typo2.patch, went upstream.
      * Removing manpages-typo3.patch, went upstream.
      * Removing file-coredump.patch, went upstream.
      * Updating file-localmagic.patch to apply cleanly after upstream
        changes.
      * Updating doc-manpages.patch to apply cleanly after upstream changes.
      * Removing conglomeration.patch, went upstream.
      * Removing file-python.patch, not needed anymore.
      * Removing unused lintian override.
      * Adding patch from Adam Buchbinder <email address hidden> to add
        new magic for BBeB ebooks (Closes: #624585).
      * Refusing to copy patchlevel.h in rules due to it's upstream removal.
      * Modifiing file-make.patch to apply after upstream changes.
      * Updating standards version to 3.9.2.
      * Adding patch from Julian Taylor <email address hidden> to
        switch from dh_pysupport to dh_python2 (Closes: #637149).
    
      [ Daniel Baumann ]
      * Updating to debhelper version 8.
      * Updating maintainer and uploaders fields.
      * Removing vcs fields.
      * Removing references to my old email address.
      * Switching to source format version 3.0 (quilt).
      * Also removing superfluous pycompat file.
      * Compacting copyright file.
      * Updating years in copyright file.
      * Renumbering remaining patches.
    
     -- Daniel Baumann <email address hidden>  Thu, 08 Sep 2011 18:24:15 +0200
  • file (5.04-5ubuntu3) oneiric; urgency=low
    
      * Switch to dh_python2.  (LP: #788514)
     -- Julian Taylor <email address hidden>   Mon, 08 Aug 2011 21:49:06 +0200