pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: patch: fix CVE-2019-8906, CVE-2019-8904 (not sure about CVE-2019-8905, CVE-2019-8907) in sysutils/file



I committed this. Thanks!


On Thu, Feb 28, 2019 at 10:39 PM Matthias Ferdinand
<mf+ml.pkgsrc-users%netzwerkagentursaarland.de@localhost> wrote:
>
> Hi,
>
> I cherry-picked some patches for the recent vulnerabilities in
> sysutils/file from the git repo at https://github.com/file/file/
>
> They needed minor modifications for pkgsrc as we are lagging some
> versions behind (pkgsrc: file-5.32; latest on astron: file-5.36).
>
> In the bugtracker for file I can see only 2 CVEs mentioned out of 4, but
> there are comments by Christos Zoulas referring to some of the
> bugtracker entries as being the same (or being fixed by the same patch).
>
> I tested against the PoC files from the bugtracker, and file does not
> crash anymore after these patches. Hopefully they are complete, but I
> cannot be really sure.
>
> Regards
> Matthias



--
Benny


Home | Main Index | Thread Index | Old Index