Date: Wed, 05 Mar 2014 18:29:22 +0000 From: "mancha" <mancha1@...h.com> To: carnil@...ian.org, cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables On Wed, 05 Mar 2014 17:08:17 +0000 cve-assign@...re.org wrote: >> file can be made to crash when checking some corrupt PE >> executables, and so could be used to mount a denial of service >>for file, or an application using file/libmagic. >> >> http://bugs.gw.com/view.php?id=313 >> https://github.com/glensc/file/commit/447558595a3650db2886cd > >Use CVE-2014-2270. > CVE Assignment Team, et al. - The initial fix for this problem  had an off-by-one flaw that has since been corrected . I am unsure of the policy regarding the issuance of new CVE identifiers associated with incomplete/flawed fixes associated with previously allocated CVEs. But, in this particular case file 5.17 shipped with  and not . --mancha  https://github.com/file/file/commit/447558595a36  https://github.com/file/file/commit/70c65d2e1841
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ