Re: patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file

To: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>
Subject: Re: patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file
From: Benny Siegert <bsiegert%gmail.com@localhost>
Date: Sat, 16 Mar 2019 10:03:15 +0100

I committed this. Thanks!


On Thu, Feb 28, 2019 at 10:39 PM Matthias Ferdinand
<mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost> wrote:
>
> Hi,
>
> I cherry-picked some patches for the recent vulnerabilities in
> sysutils/file from the git repo at https://github.com/file/file/
>
> They needed minor modifications for pkgsrc as we are lagging some
> versions behind (pkgsrc: file-5.32; latest on astron: file-5.36).
>
> In the bugtracker for file I can see only 2 CVEs mentioned out of 4, but
> there are comments by Christos Zoulas referring to some of the
> bugtracker entries as being the same (or being fixed by the same patch).
>
> I tested against the PoC files from the bugtracker, and file does not
> crash anymore after these patches. Hopefully they are complete, but I
> cannot be really sure.
>
> Regards
> Matthias



--
Benny

References:
- patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file
  - From: Matthias Ferdinand

Prev by Date: Re: Testing ocaml 4.08.0
Next by Date: Re: changing the default ghostscript type
Previous by Thread: patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file
Next by Thread: HEADSUP: macOS binary package repository has moved
Indexes:

Home | Main Index | Thread Index | Old Index