file: CVE-2014-9653

Related Vulnerabilities: CVE-2014-9653  

Debian Bug report logs - #777585
file: CVE-2014-9653

Package: file; Maintainer for file is Christoph Biedl <debian.axhn@manchmal.in-ulm.de>; Source for file is src:file.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 10 Feb 2015 08:33:01 UTC

Severity: important

Tags: confirmed, security, upstream

Found in versions file/5.11-2+deb7u7, file/5.04-5+squeeze9, file/1:5.20-2

Fixed in versions file/1:5.22+15-1, file/5.11-2+deb7u8, file/5.04-5+squeeze10

Done: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.gw.com/view.php?id=409


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
Bug#777585; Package file. (Tue, 10 Feb 2015 08:33:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Christoph Biedl <debian.axhn@manchmal.in-ulm.de>. (Tue, 10 Feb 2015 08:33:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: file: CVE-2014-9653
Date: Tue, 10 Feb 2015 09:25:03 +0100
Package: file
Severity: important
Tags: security

Hi,
this was assigned CVE-2014-9653:
http://bugs.gw.com/view.php?id=409

Patch by Alexander:
http://mx.gw.com/pipermail/file/2014/001649.html

Cheers,
        Moritz



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 10 Feb 2015 08:48:08 GMT)


Set Bug forwarded-to-address to 'http://bugs.gw.com/view.php?id=409'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 10 Feb 2015 09:15:12 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#777585; Package file. (Wed, 11 Feb 2015 07:39:04 GMT)


Acknowledgement sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
Extra info received and forwarded to list. (Wed, 11 Feb 2015 07:39:04 GMT)


Message #14 received at 777585@bugs.debian.org:

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
To: Moritz Muehlenhoff <jmm@inutil.org>, 777585@bugs.debian.org
Subject: Re: Bug#777585: file: CVE-2014-9653
Date: Wed, 11 Feb 2015 08:32:38 +0100
tags 777585 confirmed
# all distributions are affected
found 777585 5.04-5+squeeze9
found 777585 5.11-2+deb7u7
found 777585 1:5.20-2
found 777585 1:5.22+15-1
thanks

Added tag(s) confirmed. Request was from Christoph Biedl <debian.axhn@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 11 Feb 2015 07:39:08 GMT)


Marked as found in versions file/5.04-5+squeeze9. Request was from Christoph Biedl <debian.axhn@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 11 Feb 2015 07:39:08 GMT)


Marked as found in versions file/5.11-2+deb7u7. Request was from Christoph Biedl <debian.axhn@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 11 Feb 2015 07:39:09 GMT)


Marked as found in versions file/1:5.20-2. Request was from Christoph Biedl <debian.axhn@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 11 Feb 2015 07:39:10 GMT)


Marked as found in versions file/1:5.22+15-1. Request was from Christoph Biedl <debian.axhn@manchmal.in-ulm.de> to control@bugs.debian.org. (Wed, 11 Feb 2015 07:39:11 GMT)


No longer marked as found in versions file/1:5.22+15-1. Request was from Christoph Biedl <debian.axhn@manchmal.in-ulm.de> to control@bugs.debian.org. (Sun, 15 Feb 2015 18:36:05 GMT)


Marked as fixed in versions file/1:5.22+15-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 15 Feb 2015 21:39:09 GMT)


Reply sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
You have taken responsibility. (Sun, 22 Mar 2015 21:21:13 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 22 Mar 2015 21:21:13 GMT)


Message #33 received at 777585-close@bugs.debian.org:

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
To: 777585-close@bugs.debian.org
Subject: Bug#777585: fixed in file 5.11-2+deb7u8
Date: Sun, 22 Mar 2015 21:17:09 +0000
Source: file
Source-Version: 5.11-2+deb7u8

We believe that the bug you reported is fixed in the latest version of
file, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777585@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.axhn@manchmal.in-ulm.de> (supplier of updated file package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 15 Feb 2015 19:00:38 +0100
Source: file
Binary: file libmagic1 libmagic-dev python-magic python-magic-dbg
Architecture: source amd64
Version: 5.11-2+deb7u8
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Baumann <daniel.baumann@progress-technologies.net>
Changed-By: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Description: 
 file       - Determines file type using "magic" numbers
 libmagic-dev - File type determination library using "magic" numbers (developmen
 libmagic1  - File type determination library using "magic" numbers
 python-magic - File type determination library using "magic" numbers (Python bin
 python-magic-dbg - File type determination library using "magic" numbers (Python bin
Closes: 777585
Changes: 
 file (5.11-2+deb7u8) wheezy-security; urgency=high
 .
   * Fix partial reads in readelf.c [CVE-2014-9653]. Closes: #777585




Reply sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
You have taken responsibility. (Mon, 20 Apr 2015 07:21:05 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 20 Apr 2015 07:21:05 GMT)


Message #38 received at 777585-close@bugs.debian.org:

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
To: 777585-close@bugs.debian.org
Subject: Bug#777585: fixed in file 5.04-5+squeeze10
Date: Mon, 20 Apr 2015 07:18:40 +0000
Source: file
Source-Version: 5.04-5+squeeze10

We believe that the bug you reported is fixed in the latest version of
file, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777585@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.axhn@manchmal.in-ulm.de> (supplier of updated file package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 19 Apr 2015 13:23:01 +0200
Source: file
Binary: file libmagic1 libmagic-dev python-magic python-magic-dbg
Architecture: source amd64
Version: 5.04-5+squeeze10
Distribution: squeeze-lts
Urgency: high
Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Changed-By: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Description: 
 file       - Determines file type using "magic" numbers
 libmagic-dev - File type determination library using "magic" numbers (developmen
 libmagic1  - File type determination library using "magic" numbers
 python-magic - File type determination library using "magic" numbers (Python bin
 python-magic-dbg - File type determination library using "magic" numbers (Python bin
Closes: 777585
Changes: 
 file (5.04-5+squeeze10) squeeze-lts; urgency=high
 .
   * Fix partial reads in readelf.c [CVE-2014-9653]. Closes: #777585




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 May 2015 07:27:54 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:37:02 2019; Machine Name: buxtehude
