oss-sec mailing list archives

Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables


From: Remi Collet <remi () fedoraproject org>
Date: Thu, 06 Mar 2014 06:52:03 +0100

On 05/03/2014 19:29, mancha wrote:

> The initial fix for this problem [1] had an off-by-one flaw
> that has since been corrected [2].
>
> I am unsure of the policy regarding the issuance of new CVE
> identifiers associated with incomplete/flawed fixes associated
> with previously allocated CVEs. But, in this particular case
> file 5.17 shipped with [1] and not [2].

[1] fixes a security risk.

[2] doesn't fix any security risk. It's only a regression noticed when
analyzing some files (used in the PHP test suite, e.g.). I don't think this
needs a new CVE.


> --mancha
>
> [1] https://github.com/file/file/commit/447558595a36
> [2] https://github.com/file/file/commit/70c65d2e1841



