Re: [DSA 2422-1] file security update
Hello,
Florian Weimer wrote :
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2422-1 security@debian.org
> http://www.debian.org/security/ Florian Weimer
> February 29, 2012 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : file
> Vulnerability : missing bounds checks
> Problem type : remote
> Debian-specific: no
>
> The file type identification tool, file, and its associated library,
> libmagic, do not properly process malformed files in the Composite
> Document File (CDF) format, leading to crashes.
>
> Note that after this update, file may return different detection
> results for CDF files (well-formed or not). The new detections are
> believed to be more accurate.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.04-5+squeeze1.
This update is not available for some architectures yet.
Is this normal ?
Reply to: