On Thu, 08 Jan 2015, Moritz Muehlenhoff wrote: > Multiple security issues have been found in file, a tool/library to
For the record, the "file" package currently in wheezy-backports is in dire need of a security update. It is in fact quite dangerous to run it if you have it installed together with, e.g., amavisd-new or anything else that will run file/libmagic on untrusted data from the network. I do have a private backport of file/5.21+15, but it is a quick hack job that dropped multiarch and build-profile support to ease backporting. If someone has a better backport that preserves multiarch support, please upload. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
