pkg_admin audit: file-5.19 vulnerabilities?

To: pkgsrc-users%netbsd.org@localhost
Subject: pkg_admin audit: file-5.19 vulnerabilities?
From: Matthias Ferdinand <mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost>
Date: Mon, 29 Sep 2014 16:50:12 +0200

Hi,

"pkg_admin audit" shows these vulnerabilities in file-5.19:

Package file-5.19 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
Package file-5.19 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
Package file-5.19 has a integer-overflow vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

As far as I can tell, these apply to PHP trying to gather information
about .cdf files (probably using some code from file).

Can someone verify if these are vulnerabilities in "file" itself and
still apply to file-5.19?

Regards
Matthias Ferdinand

Prev by Date: pkgsrc freeze extended by 2 days
Next by Date: Change to nagios-base package.
Previous by Thread: pkgsrc freeze extended by 2 days
Next by Thread: Change to nagios-base package.
Indexes:

Home | Main Index | Thread Index | Old Index