Your message dated Fri, 01 Mar 2019 09:04:43 +0000
with message-id <[email protected]>
and subject line Bug#922969: fixed in file 1:5.35-3
has caused the Debian Bug report #922969,
regarding file: CVE-2019-8906
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
922969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922969
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: file
Version: 1:5.35-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.astron.com/view.php?id=64

Hi,

The following vulnerability was published for file.

CVE-2019-8906[0]:
| do_core_note in readelf.c in libmagic.a in file 5.35 has an
| out-of-bounds read because memcpy is misused.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-8906
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8906
[1] https://bugs.astron.com/view.php?id=64
[2] https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: file
Source-Version: 1:5.35-3

We believe that the bug you reported is fixed in the latest version of
file, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated file package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Mar 2019 09:27:11 +0100
Source: file
Architecture: source
Version: 1:5.35-3
Distribution: unstable
Urgency: medium
Maintainer: Christoph Biedl <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 922967 922968 922969
Changes:
 file (1:5.35-3) unstable; urgency=medium
 .
   * Cherry-pick many commits since 5.35 release that seem wise to
     include in buster.
     * Closes: #922967 [CVE-2019-8904]
     * Closes: #922968 [CVE-2019-8905 CVE-2019-8907]
     * Closes: #922969 [CVE-2019-8906]
   * Cherry-pick two documentation fix commits


--- End Message ---
