oss-sec mailing list archives
Re: Possible security fixes in 5.05?
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 7 Apr 2011 11:37:29 -0600
* [2011-03-21 23:16:15 -0600] Raphael Geissert wrote:
Hi,
From file's 5.05 changelog[1] it seems like some security-relevant changes were made, but I'm unable to find further information. I saw a git repository being mentioned in a message but I can't find it either.
Can anyone please shed some light on the security-related changes?
I would like to encourage developers to communicate such kind of issues openly in this list, as it helps getting them fixed in distributions.
Thanks in advance.
[1] http://mx.gw.com/pipermail/file/2011/000690.html
Looks like there are a few issues here:
2011-01-16 19:31 Reuben Thomas <rrt at sc3d.org>
* Fix two potential buffer overruns in apprentice_list.
https://github.com/glensc/file/commit/148f1089b5c4f5ec5d51c2f147379817cb9ac47d
2010-09-20 15:24 Reuben Thomas <rrt at sc3d.org>
* Minor security fix to softmagic.c (don't use untrusted
string as printf format).
https://github.com/glensc/file/commit/b05926f28f3cab0ef77101f89be154329dcb8dea
I have not looked at them in more depth to see how much of a problem they are,
or when they were introduced (in order to know which versions are affected),
etc.
I'm cc'ing Christos to see if he can perhaps enlighten us.
--
Vincent Danen / Red Hat Security Response Team
