Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Feb 2012 14:49:28 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: "CERT(R) Coordination Center" <cert@...t.org>
Subject: Re: Bugs in "file" program VU#621745

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/20/2012 10:53 AM, CERT(R) Coordination Center wrote:
> Hi folks,
> 
> We recently pointed the CERT BFF at the ubiquitous "file" command
> and found a few bugs.  While we've not proven the bugs to be
> exploitable, we've also not ruled out the possibility that they
> could be.
> 
> Fixes were committed on Feb 16, 2012: 
> https://github.com/glensc/file/commits/master
> 
> 
> Thank you, Will Dormann
> 
> ============================= Vulnerability Analyst CERT
> Coordination Center 4500 Fifth Ave. Pittsburgh, PA 15213 
> 1-412-268-7090 =============================
> 

If any of these are security issues please let me know and I will
assign CVE #'s.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPQr/oAAoJEBYNRVNeJnmTlZcP/2jltmmsUM84A5nH+JjWREDn
m7Ywd2Jbo/fxr9c09jjakHscVqJLA1VjBtKOB7zcWYyR6St7P4vAIsQMo1yWGel9
fz9W5mfSKxErHM4nlFhaHOND8B1KQ73Dtk5ojDPkGuRfDxkT86rEraOPyccMTVue
xNz4P9+X8tgz0M5Zlrflm2CkyN3K9ls0ZZffFQsjAdOaEMuTkkq+POSGHvgN378r
oStze+kvg+aS2klP0D7ik7A3DJYzaFiRw425AgXaFkHPtR+AMt6/fopOSRv+x+wB
A4THNe7G0LEA1dxBNmCFaG+FW9e8SZjlRkoDfmpT4vVFcumB1pEK4R6a4E5nOH4w
xKmaKIc2x7nBTMKjZfiFWr7reb4+Ml9WvR5RGOf4zsTR8HRqYZxzfQAkSCzi0rPZ
kvNTRAvvHYFeKQy+XZZD+AZoIrj8y62foH2YKrEBnwp7y+7J4kKZHdkIGZjn8g9L
mhb0YXTZuH4OcT+dNE1SryvWCeNmc9cY+GKQ/Fl+rmIqeO5fqDLunzbqGmGYvA7J
Xyhx8bXmjBfkPm2yYKokAGdpR8qsWWLwnAphnM+TLRSK/ro7E+PBW1rl9Ioz3//v
Qljs+CcIjx4iff14JBazuACQ0kORy8uG9tQBq48uwSQDB2apHOHPJ2EAT47tJkXG
KL5sxD25MfFrCMH0dj40
=GhYv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.