file (1:5.14-2ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of notes or long
    string
    - debian/patches/CVE-2014-962x-pre*.patch: backport pre-requisite code
      changes.
    - debian/patches/CVE-2014-962x-1.patch: add a limit to the number of
      ELF notes processed in doc/file.man, doc/libmagic.man,
      src/apprentice.c, src/elfclass.h, src/file.c, src/file.h,
      src/file_opts.h, src/magic.c, src/magic.h.in, src/readelf.c.
    - debian/patches/CVE-2014-962x-2.patch: limit string printing to 100
      chars, and add flags in src/readelf.c.
    - CVE-2014-9620
    - CVE-2014-9621
  * SECURITY UPDATE: denial of service via crafted ELF file
    - debian/patches/CVE-2014-9653.patch: bail out on partial reads in
      src/readelf.c.
    - CVE-2014-9653
  * SECURITY UPDATE: memory corruption in file_check_mem.
    - debian/patches/CVE-2015-8865.patch: properly calculate length in
      src/funcs.c.
    - CVE-2015-8865
  * SECURITY UPDATE: out-of-bounds read via crafted ELF file
    - debian/patches/CVE-2018-10360.patch: add bounds check to
      src/readelf.c.
    - CVE-2018-10360

Date: 2018-06-13 19:19:12.363327+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4
Sorry, changesfile not available.