Your message dated Tue, 29 Oct 2019 19:47:09 +0000 with message-id <e1ipxsp-00066f...@fasolo.debian.org> and subject line Bug#942830: fixed in file 1:5.35-4+deb10u1 has caused the Debian Bug report #942830, regarding CVE-2019-18218 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 942830: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: file Severity: grave Tags: security This was assigned CVE-2019-18218: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: file Source-Version: 1:5.35-4+deb10u1 We believe that the bug you reported is fixed in the latest version of file, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 942...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated file package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 22 Oct 2019 21:57:17 +0200 Source: file Binary: file file-dbgsym libmagic-dev libmagic-mgc libmagic1 libmagic1-dbgsym Architecture: source armel Version: 1:5.35-4+deb10u1 Distribution: buster-security Urgency: high Maintainer: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Description: file - Recognize the type of data in a file using "magic" numbers libmagic-dev - Recognize the type of data in a file using "magic" numbers - deve libmagic-mgc - File type determination library using "magic" numbers (compiled m libmagic1 - Recognize the type of data in a file using "magic" numbers - libr Closes: 942830 Changes: file (1:5.35-4+deb10u1) buster-security; urgency=high . * Cherry-pick commit to restrict the number of CDF_VECTOR elements. Closes: #942830 [CVE-2019-18218] Checksums-Sha1: 4bed535708f7b2bcaf6a7dcd5e13e339a79b914d 1984 file_5.35-4+deb10u1.dsc c9b0ca4143177c785225ffd01bf0d79ad166f98d 643268 file_5.35.orig.tar.xz 8d153cf634f90a40818f3ecc9abd4ed788530f5e 56264 file_5.35-4+deb10u1.debian.tar.xz 121d249785bc6d21579b1ac178afca5715346749 16820 file-dbgsym_5.35-4+deb10u1_armel.deb 8fb11ba9166bcc9751a834ff61590ae4e017da42 6695 file_5.35-4+deb10u1_armel.buildinfo 38fd942a747001bfc2c287303ea237a35239f940 65608 file_5.35-4+deb10u1_armel.deb e96d3ed510f1643d5957d163cd630bd219c97826 120820 libmagic-dev_5.35-4+deb10u1_armel.deb b956d54d68af3f49a03840e869e870958024988c 242244 libmagic-mgc_5.35-4+deb10u1_armel.deb fa7cca2e8a3bc4aa33bee1ca6d3ae479b455db55 199624 libmagic1-dbgsym_5.35-4+deb10u1_armel.deb cdd5804ce7d991c8cf016fc013aa9090bd8c6af1 110732 libmagic1_5.35-4+deb10u1_armel.deb Checksums-Sha256: d1e2d532fc2cf5cfd947b98152916b28c7a6f2c0d6b5da460dea4bc34ca01607 1984 file_5.35-4+deb10u1.dsc 60b5b8bc762d35452c7995f3db7e8a5e2004d736b8763f086585a5b1af57a632 643268 file_5.35.orig.tar.xz 7bbb38f82e1d461d923ca9a3bd9691ebca1920d04d2d78199b098c40474e9dcb 56264 file_5.35-4+deb10u1.debian.tar.xz c791064ecfa0a9b943457609d4bdfd24b655e10e1bf2679c61403c26cb8f6ccc 16820 file-dbgsym_5.35-4+deb10u1_armel.deb 1cc118796732afcc35b74517075150605c16a454ced330af6b9703f27062be8e 6695 file_5.35-4+deb10u1_armel.buildinfo 0d006fbbe917f9d54d600b4c6da8d972c740bbcf4eac46709a3aab444c2b5a91 65608 file_5.35-4+deb10u1_armel.deb ddb1c474fb652e1418c82addce8c9bf847e2474eebf5688c1fad9bb006822ed2 120820 libmagic-dev_5.35-4+deb10u1_armel.deb 64a2ffb92a7aece24b691aa7380614e2a9ebf4b21793a0ba3734448f9980c967 242244 libmagic-mgc_5.35-4+deb10u1_armel.deb 621420e7f5030f30e0d6356b8a94545c5c9d7dac39a7eeebbed0aad3cad77922 199624 libmagic1-dbgsym_5.35-4+deb10u1_armel.deb fd8f90e34a0c828c10aad4f27755bd034427713a79c237292625b5d3de58670f 110732 libmagic1_5.35-4+deb10u1_armel.deb Files: 09af6654a52f2c86c68bc419368d8f72 1984 utils standard file_5.35-4+deb10u1.dsc 186a9b910e68547dac02cd2b8579e0b8 643268 utils standard file_5.35.orig.tar.xz 96bbc2a41c1651524055574d99efad7b 56264 utils standard file_5.35-4+deb10u1.debian.tar.xz bb5704b3a38297e8067f65915a3cf20a 16820 debug optional file-dbgsym_5.35-4+deb10u1_armel.deb 16ae776752148b51b88405d7f3114315 6695 utils standard file_5.35-4+deb10u1_armel.buildinfo 33254c6c16bc9432de562dd85ee83afe 65608 utils standard file_5.35-4+deb10u1_armel.deb 9803745aeb109a30bbd4cdde9208f1ba 120820 libdevel optional libmagic-dev_5.35-4+deb10u1_armel.deb b39243f05301d15cc4ae2c74d3349b1e 242244 libs optional libmagic-mgc_5.35-4+deb10u1_armel.deb f3713c08a156c3342cdb31a081f68472 199624 debug optional libmagic1-dbgsym_5.35-4+deb10u1_armel.deb be05fe48259c5280e8dfec4321089821 110732 libs optional libmagic1_5.35-4+deb10u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAl2x/VQACgkQxCxY61kU kv2YsA//TPgIZCvckywXQ7KwkuWNPtN6KzTEQp0lDf3KbA8lFCGHEc12BQVkgghI SvNtPK8D93uTrIsv/2Z673rc47TEeBrMwRum2e/+qSAnALxgx1Ywx/AVdBhDlDUg HqhVsOFj/HGpLZ1M3Wt470RUlDJRTbKMKDkagJ0RD2NFvgCqJPbikZupJfisBO3N 3K9Q6/BlsND/HaMMnTlnbXg091WAWQncft/l8RKcpFmwwfLDa3ZBmSpfi3SyU11V abhuxOUOQsCy3rQGYfsyZPLhoJAlcCIMRndiF/62nxRAl7SFHHjdzV+e3Va2vnre 7DgFV2dMqJpO1Gr3Viryd2PUetRgTJOzczPul0D5LJWrk6MtjATJJeuvrq8A3Qx7 WghZQ1SS91ha192ENjKL0qU6e9CYY3Y15JCJi2L81+eiVpjbNI2vXt6MhJbx1u/A hlyWP8vEOrfmdDkOtp8pn7yP94dNwrzYeehEUOxtc2M2jYn6fJ3IQo17VP71j9JW s0BjEVUOpMhX9HOjjTHn9xYuvG1nzRLVKUZjME8AIrOR71bzjfLU9kQVn8U6cUct j7efF2bgn43zCfaxXDC6LB56kduwVVr141eONuDJ3+iyl9Dh6S0QuoaHdWFAXqzT wK9RjHL+/Lb0u+QEeiEWD0lUYn7patofGGE8GsHcdgYRw0AaeeU= =U+gb -----END PGP SIGNATURE-----
--- End Message ---
