git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
file
1
0
Fork 0
Files Pull Requests 0 Wiki
Browse Source

file 5.11-2+deb7u4

Christoph Biedl 11 years ago
parent
b95c2c0fbf
commit
d5412292cb
1 changed files with 43 additions and 0 deletions
Split View Show Diff Stats
  1. 43 0
      debian/changelog

+ 43 - 0
debian/changelog
View File 

@@ -1,3 +1,46 @@
 
+file (5.11-2+deb7u4) wheezy-security; urgency=high
 
+
 
+  * Fix vulnerabilites
 
+    - CVE-2014-0207
 
+      The cdf_read_short_sector function in cdf.c allows remote
 
+      attackers to cause a denial of service (assertion failure and
 
+      application exit).
 
+    - CVE-2014-0237
 
+      The cdf_unpack_summary_info function in cdf.c allows remote
 
+      attackers to cause a denial of service (performance
 
+      degradation) by triggering many file_printf calls.
 
+    - CVE-2014-0238
 
+      The cdf_read_property_info function in cdf.c allows remote
 
+      attackers to cause a denial of service (infinite loop or
 
+      out-of-bounds memory access).
 
+    - CVE-2014-3478
 
+      Buffer overflow in the mconvert function in softmagic.c i
 
+      allows remote attackers to cause a denial of service
 
+      (application crash).
 
+    - CVE-2014-3479
 
+      The cdf_check_stream_offset function in cdf.c in relies on
 
+      incorrect sector-size data, which allows remote attackers to
 
+      cause a denial of service (application crash) via a crafted
 
+      stream offset in a CDF file.
 
+    - CVE-2014-3480
 
+      The cdf_count_chain function in cdf.c in does not properly
 
+      validate sector-count data, which allows remote attackers to
 
+      cause a denial of service (application crash).
 
+    - CVE-2014-3487
 
+      The cdf_read_property_info function does not properly validate
 
+      a stream offset, which allows remote attackers to cause a
 
+      denial of service (application crash).
 
+    - CVE-2014-3538
 
+      file does not properly restrict the amount of data read during
 
+      a regex search, which allows remote attackers to cause a denial
 
+      of service (CPU consumption).
 
+    - CVE-2014-3587
 
+      Integer overflow in the cdf_read_property_info function in
 
+      cdf.c allows remote attackers to cause a denial of service
 
+      (application crash).
 
+
 
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sat, 06 Sep 2014 17:10:54 +0200
 
+
 
 file (5.11-2+deb7u3) wheezy-security; urgency=high
 
 
   * Fix regression introduced in DSA-2873-1. Closes: #742262, #742265