[SECURITY] [DLA 50-1] file security update



Package        : file
Version        : 5.04-5+squeeze7
CVE ID         : CVE-2014-3538 CVE-2014-3587
Debian Bug     : -

CVE-2014-3538

    file does not properly restrict the amount of data read during
    a regex search, which allows remote attackers to cause a
    denial of service (CPU consumption).

CVE-2014-3587

    Integer overflow in the cdf_read_property_info function in
    cdf.c allows remote attackers to cause a denial of service
    (application crash).


Note: The other seven issues for wheezy, fixed in 5.11-2+deb7u4
(DSA-3021-1), were already handled in 5.04-5+squeeze6 (DLA 27-1) in
July 2014. Also, as an amendment: as a side effect of the changes
made back then, the MIME type detection of some files improved
from "application/octet-stream" to something more specific
like "application/x-dosexec" or "application/x-iso9660-image".