11 年前 · d5412292cb
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,46 @@
 
				+file (5.11-2+deb7u4) wheezy-security; urgency=high
			
 
				+
			
 
				+  * Fix vulnerabilites
			
 
				+    - CVE-2014-0207
			
 
				+      The cdf_read_short_sector function in cdf.c allows remote
			
 
				+      attackers to cause a denial of service (assertion failure and
			
 
				+      application exit).
			
 
				+    - CVE-2014-0237
			
 
				+      The cdf_unpack_summary_info function in cdf.c allows remote
			
 
				+      attackers to cause a denial of service (performance
			
 
				+      degradation) by triggering many file_printf calls.
			
 
				+    - CVE-2014-0238
			
 
				+      The cdf_read_property_info function in cdf.c allows remote
			
 
				+      attackers to cause a denial of service (infinite loop or
			
 
				+      out-of-bounds memory access).
			
 
				+    - CVE-2014-3478
			
 
				+      Buffer overflow in the mconvert function in softmagic.c i
			
 
				+      allows remote attackers to cause a denial of service
			
 
				+      (application crash).
			
 
				+    - CVE-2014-3479
			
 
				+      The cdf_check_stream_offset function in cdf.c in relies on
			
 
				+      incorrect sector-size data, which allows remote attackers to
			
 
				+      cause a denial of service (application crash) via a crafted
			
 
				+      stream offset in a CDF file.
			
 
				+    - CVE-2014-3480
			
 
				+      The cdf_count_chain function in cdf.c in does not properly
			
 
				+      validate sector-count data, which allows remote attackers to
			
 
				+      cause a denial of service (application crash).
			
 
				+    - CVE-2014-3487
			
 
				+      The cdf_read_property_info function does not properly validate
			
 
				+      a stream offset, which allows remote attackers to cause a
			
 
				+      denial of service (application crash).
			
 
				+    - CVE-2014-3538
			
 
				+      file does not properly restrict the amount of data read during
			
 
				+      a regex search, which allows remote attackers to cause a denial
			
 
				+      of service (CPU consumption).
			
 
				+    - CVE-2014-3587
			
 
				+      Integer overflow in the cdf_read_property_info function in
			
 
				+      cdf.c allows remote attackers to cause a denial of service
			
 
				+      (application crash).
			
 
				+
			
 
				+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sat, 06 Sep 2014 17:10:54 +0200
			
 
				+
			
 
				 file (5.11-2+deb7u3) wheezy-security; urgency=high
			
 
				 
			
 
				   * Fix regression introduced in DSA-2873-1. Closes: #742262, #742265