Package "python-magic"
Name: |
python-magic
|
Description: |
File type determination library using "magic" numbers (Python bindings)
|
Latest version: |
5.09-2ubuntu0.8 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Head package: |
file |
Homepage: |
http://www.darwinsys.com/file/ |
Links
Download "python-magic"
Other versions of "python-magic" in Precise
Changelog
file (5.09-2ubuntu0.8) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: buffer overflow via CDF_VECTOR elements
- debian/patches/CVE-2019-18218.patch: limit the number of elements in
a vector in src/cdf.*.
- CVE-2019-18218
-- <email address hidden> (Leonidas S. Barbosa) Thu, 31 Oct 2019 11:42:33 -0300
|
Source diff to previous version |
CVE-2019-18218 |
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow ( |
|
file (5.09-2ubuntu0.6) precise-security; urgency=medium
* SECURITY UPDATE: DoS via insufficient note headers
- debian/patches/CVE-2014-3710.patch: handle running out of not headers
in src/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: DoS in ELF parser
- debian/patches/CVE-2014-8116.patch: limit number of headers and
capabilities in src/elfclass.h, src/readelf.c.
- CVE-2014-8116
* SECURITY UPDATE: DoS via missing recursion limits
- debian/patches/CVE-2014-8117.patch: lower recursion level and allow
it to be set from the command line in src/file.{c,h},
src/file_opts.h, src/funcs.c, src/magic.c, src/magic.h,
src/softmagic.c, add new option to documentation in
doc/file.man, doc/libmagic.man.
- CVE-2014-8117
* SECURITY UPDATE: DoS via long pascal strings
- debian/patches/pr398-truncate-pascal-strings.patch: correctly
calculate size in src/softmagic.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Tue, 27 Jan 2015 10:10:29 -0500
|
Source diff to previous version |
CVE-2014-3710 |
out-of-bounds read in elf note headers |
CVE-2014-8116 |
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of |
CVE-2014-8117 |
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or cra |
|
file (5.09-2ubuntu0.5) precise-security; urgency=medium
* SECURITY UPDATE: buffer underflow in CDF file identification
- debian/patches/CVE-2014-3587.patch: modify src/cdf.c to detect and
abort on buffer underflows.
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 27 Aug 2014 23:34:57 -0700
|
Source diff to previous version |
CVE-2014-3587 |
Integer overflow in the cdf_read_property_info function in cdf.c in ... |
|
file (5.09-2ubuntu0.4) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via awk rule backtracking
- debian/patches/CVE-2013-7345.patch: limit to 100 repetitions in
magic/Magdir/commands.
- CVE-2013-7345
* SECURITY UPDATE: denial of service in cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in mconvert
- debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
string size in src/softmagic.c.
- CVE-2014-3478
* SECURITY UPDATE: denial of service in cdf_check_stream_offset
- debian/patches/CVE-2014-3479.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3479
* SECURITY UPDATE: denial of service in cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service in cdf_read_property_info
- debian/patches/CVE-2014-3487.patch: properly calculate sizes in
src/cdf.c.
- CVE-2014-3487
* SECURITY UPDATE: denial of service via awk rule backtracking
- debian/patches/CVE-2014-3538.patch: allow specifying lengths for
regex in src/apprentice.c, src/file.h, src/softmagic.c, adjust
existing expressions in magic/Magdir/commands, magic/Magdir/fortran,
magic/Magdir/graphviz, magic/Magdir/marc21, magic/Magdir/scientific,
magic/Magdir/troff, update manpage in doc/magic.man.
- CVE-2014-3538
-- Marc Deslauriers <email address hidden> Thu, 10 Jul 2014 12:00:51 -0400
|
Source diff to previous version |
CVE-2013-7345 |
The BEGIN regular expression in the awk script detector in ... |
CVE-2014-0207 |
cdf_read_short_sector insufficient boundary check |
CVE-2014-3478 |
mconvert incorrect handling of truncated pascal string size |
CVE-2014-3479 |
cdf_check_stream_offset insufficient boundary check |
CVE-2014-3480 |
cdf_count_chain insufficient boundary check |
CVE-2014-3487 |
cdf_read_property_info insufficient boundary check |
CVE-2014-3538 |
file before 5.19 does not properly restrict the amount of data read ... |
|
file (5.09-2ubuntu0.3) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted offset in PE executable
- debian/patches/CVE-2014-2270.patch: check bounds in src/softmagic.c.
- CVE-2014-2270
-- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 13:34:02 -0400
|
CVE-2014-2270 |
softmagic.c in file before 5.17 and libmagic allows context-dependent ... |
|
About
-
Send Feedback to @ubuntu_updates