Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 05 Mar 2014 18:29:22 +0000
From: "mancha" <>
Subject: Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables

On Wed, 05 Mar 2014 17:08:17 +0000 wrote:
>> file can be made to crash when checking some corrupt PE 
>> executables, and so could be used to mount a denial of service
>>for file, or an application using file/libmagic.
>Use CVE-2014-2270.

CVE Assignment Team, et al. -

The initial fix for this problem [1] had an off-by-one flaw
that has since been corrected [2].

I am unsure of the policy regarding the issuance of new CVE 
identifiers associated with incomplete/flawed fixes associated
with previously allocated CVEs. But, in this particular case
file 5.17 shipped with [1] and not [2].



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ