Your message dated Sat, 17 Sep 2016 13:08:06 +0100
with message-id <[email protected]>
and subject line Closing p-u bugs for updates in 8.6
has caused the Debian Bug report #823794,
regarding jessie-pu: package file/1:5.22+15-2+deb8u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
823794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823794
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: [email protected]
Usertags: pu
Hello release team,
the stable security team suggested to fix CVE-2015-8865¹ in the
file package via a point release.
Description: "Buffer over-write in finfo_open with malformed magic
file". If a magic file is under attacker's control, this can be abused
to crash file.
The debdiff is attached.
Regards,
Christoph
¹https://security-tracker.debian.org/tracker/CVE-2015-8865
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.4.9 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog
--- file-5.22+15/debian/changelog 2015-09-13 18:27:47.000000000 +0200
+++ file-5.22+15/debian/changelog 2016-05-09 08:23:30.000000000 +0200
@@ -1,3 +1,10 @@
+file (1:5.22+15-2+deb8u2) stable; urgency=high
+
+ * Fix CVE-2015-8865:
+ Buffer over-write in finfo_open with malformed magic file.
+
+ -- Christoph Biedl <[email protected]> Mon, 09 May 2016
08:18:53 +0200
+
file (1:5.22+15-2+deb8u1) stable; urgency=medium
* Fix handling of file's --parameter option. Closes: #798410
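Review bot: The new 1:5.22+15-2+deb8u2 entry names the CVE but not the patch that carries the fix. Adding the patch file name (CVE-2015-8865.6713ca4.patch) or the upstream origin given in the patch header (FILE5_22-75-g6713ca4) would let someone reading only debian/changelog find the actual change.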
diff -Nru file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch
file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch
--- file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch 1970-01-01
01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch 2016-05-09
08:17:17.000000000 +0200
@@ -0,0 +1,24 @@
+Subject: Buffer over-write in finfo_open with malformed magic file
+ID: CVE-2015-8865
+Upstream-Author: Christos Zoulas <[email protected]>
+Author: Christos Zoulas <[email protected]>
+Date: Wed Jun 3 18:01:20 2015 +0000
+Origin: FILE5_22-75-g6713ca4
+Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
+Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
+
+ [ Original description: ]
+ PR/454: Fix memory corruption when the continuation level jumps by more
than
+ 20 in a single step.
+
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -401,7 +401,7 @@
+ size_t len;
+
+ if (level >= ms->c.len) {
+- len = (ms->c.len += 20) * sizeof(*ms->c.li);
++ len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
+ ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
+ malloc(len) :
+ realloc(ms->c.li, len));
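Review bot: In the src/funcs.c change, ms->c.len is set to 20 + level before malloc/realloc has returned, and the result is stored straight into ms->c.li, so on allocation failure the recorded length no longer matches the buffer and the previous pointer is lost. The hunk ends at the realloc call, so the NULL handling is not visible here and is worth confirming; computing the new length into a local, allocating into a temporary, and only then updating ms->c.len and ms->c.li would avoid both problems. The product (20 + level) * sizeof(*ms->c.li) is also unchecked, so it is worth stating what bounds level. In the patch header, the two bug-report URLs are given as Origin: fields; DEP-3 has a Bug: field for those.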
diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series
--- file-5.22+15/debian/patches/series 2015-09-13 18:26:26.000000000 +0200
+++ file-5.22+15/debian/patches/series 2016-05-09 08:10:53.000000000 +0200
@@ -12,3 +12,4 @@
0013-jpeg.c5d7f4d.patch
cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
+CVE-2015-8865.6713ca4.patch
--- End Message ---
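The sizing problem behind the funcs.c change, modelled as an added example (not code from the file package or from this mail): it compares the removed growth rule with the added one on a constructed sequence of continuation levels. The names check_mem, first_oob, sample_levels and the one-field struct are hypothetical, and the model assumes the slot li[level] is used right after the growth step, which the hunk does not show.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for ms->c.li / ms->c.len; the field set is an assumption. */
struct level_info { int got_match; };
struct cont { size_t len; struct level_info *li; };

enum growth { GROW_BY_20, GROW_TO_LEVEL_PLUS_20 };  /* '-' line vs '+' line */

/* Ensure slot `level` exists. Returns 0 when li[level] is inside the
 * allocation, -1 on allocation failure or when the slot is still out of range. */
static int check_mem(struct cont *c, unsigned int level, enum growth mode)
{
    if (level >= c->len) {
        size_t newlen = (mode == GROW_BY_20) ? c->len + 20
                                             : (size_t)level + 20;
        struct level_info *p = realloc(c->li, newlen * sizeof(*p));
        if (p == NULL)
            return -1;
        c->li = p;
        c->len = newlen;
    }
    if (level >= c->len)
        return -1;  /* assumed: the real code would write li[level] here */
    c->li[level].got_match = 0;
    return 0;
}

/* Index of the first level that falls outside the array, or -1 if all fit. */
static int first_oob(const unsigned int *levels, size_t n, enum growth mode)
{
    struct cont c = { 0, NULL };
    int bad = -1;
    for (size_t i = 0; i < n && bad < 0; i++)
        if (check_mem(&c, levels[i], mode) != 0)
            bad = (int)i;
    free(c.li);
    return bad;
}

/* Constructed sequence of continuation levels: the third jumps from 1 to 45. */
static const unsigned int sample_levels[] = { 0, 1, 45 };

int main(void)
{
    printf("grow by 20:       first out-of-range index = %d\n",
           first_oob(sample_levels, 3, GROW_BY_20));
    printf("grow to level+20: first out-of-range index = %d\n",
           first_oob(sample_levels, 3, GROW_TO_LEVEL_PLUS_20));
    return 0;
}
```

With the old rule the array grows from 20 to 40 entries while the requested level is 45; with the new rule it grows to 65, so the requested slot always exists after the call.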
--- Begin Message ---
Version: 8.6
The updates referred to in each of these bugs were included in today's
stable point release.
Regards,
Adam
--- End Message ---