[ubuntu/trusty-security] file 1:5.14-2ubuntu3.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jul 15 17:37:30 UTC 2014


file (1:5.14-2ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
      magic/Magdir/commands.
    - CVE-2013-7345
  * SECURITY UPDATE: denial of service in cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in src/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      src/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service via awk rule backtracking
    - debian/patches/CVE-2014-3538.patch: allow specifying lengths for
      regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
      existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
      magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
      magic/Magdir/troff, update manpage in doc/magic.man.
    - CVE-2014-3538
  * debian/patches/commands-strength.patch: reduce strength of awk rule so
    it doesn't get priority over perl scripts.

Date: 2014-07-10 17:34:12.573683+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/trusty/+source/file/1:5.14-2ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list