Ubuntu
file package

Change logs for file source package in Wily

  1. Wily (15.10)
  2. Change log 
  • file (1:5.22+15-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Adjust python build dependencies for cross builds.
    - Allow the package to cross-build.
  * Dropped patches included in new version:
    - debian/patches/CVE-2014-3710.patch
    - debian/patches/CVE-2014-8116.patch
    - debian/patches/CVE-2014-8117.patch
    - debian/patches/pr398-truncate-pascal-strings.patch

file (1:5.22+15-2) unstable; urgency=medium

  * Restore detection of some jpeg files. Closes: #780095

file (1:5.22+15-1) unstable; urgency=high

  * Use upstream commit FILE5_22-11-ge452600 to include yet another
    security fix (PR/411).

file (1:5.22+2-1) unstable; urgency=medium

  * New upstream version. Closes: #774219
  * Use upstream commit FILE5_22-2-g9f0601f to include all recent
    fixes.

file (1:5.21+15-1) unstable; urgency=high

  * Fixes a security issue, urgency set to high
  * New upstream version 5.21
    - Limit number of elf program and sections processing
    - Reduce the number of recursion levels
      Closes: #773148 (CVE-2014-8116, CVE-2014-8117)
  * Use upstream commit FILE5_21-15-ge7e96a9 to include all recent
    fixes.

file (1:5.20-2) unstable; urgency=high

  * Fixes a security issue, urgency set to high
  * Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
    Fix note bounds reading, Francisco Alonso / Red Hat (CVE-2014-3710).
    Closes: #768806

 -- Marc Deslauriers <email address hidden>  Thu, 21 May 2015 08:33:43 -0400
  • file (1:5.20-1ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: DoS via insufficient note headers
    - debian/patches/CVE-2014-3710.patch: handle running out of not headers
      in src/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: DoS in ELF parser
    - debian/patches/CVE-2014-8116.patch: limit number of headers and
      capabilities in src/elfclass.h, src/readelf.c.
    - CVE-2014-8116
  * SECURITY UPDATE: DoS via missing recursion limits
    - debian/patches/CVE-2014-8117.patch: lower recursion level and allow
      it to be set from the command line in src/apprentice.c, src/file.c,
      src/file.h, src/file_opts.h, src/funcs.c, src/magic.c,
      src/magic.h.in, src/softmagic.c, add new option to documentation in
      doc/file.man, doc/libmagic.man.
    - CVE-2014-8117
  * SECURITY UPDATE: DoS via long pascal strings
    - debian/patches/pr398-truncate-pascal-strings.patch: correctly
      calculate size in src/softmagic.c.
    - No CVE number
  * debian/libmagic1.symbols: added new symbols
 -- Marc Deslauriers <email address hidden>   Tue, 27 Jan 2015 08:28:35 -0500