mailing list archives
Re: Bugs in "file" program VU#621745
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 29 Feb 2012 18:52:30 +0100
* Kurt Seifried:
We recently pointed the CERT BFF at the ubiquitous "file" command
and found a few bugs. While we've not proven the bugs to be
exploitable, we've also not ruled out the possibility that they
Fixes were committed on Feb 16, 2012:
If any of these are security issues please let me know and I will
assign CVE #'s.
file also provides a library, libmagic. This could lead to crashes of
server processes which use libmagic. Debian will likely release a fix
as a security update.