Date: Thu, 06 Mar 2014 06:52:03 +0100 From: Remi Collet <remi@...oraproject.org> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Le 05/03/2014 19:29, mancha a écrit : > The initial fix for this problem  had an off-by-one flaw > that has since been corrected . > > I am unsure of the policy regarding the issuance of new CVE > identifiers associated with incomplete/flawed fixes associated > with previously allocated CVEs. But, in this particular case > file 5.17 shipped with  and not .  fix a security risk.  don't fix any security risk. It's only a regression noticed when analysis some files (used in PHP test suite, p.e.). I don't think this need a new CVE. > > --mancha > >  https://github.com/file/file/commit/447558595a36 >  https://github.com/file/file/commit/70c65d2e1841 > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ