Your message dated Sun, 24 Nov 2019 23:03:01 +0000 with message-id <e1iz0ud-00062s...@fasolo.debian.org> and subject line Bug#942830: fixed in file 1:5.30-1+deb9u3 has caused the Debian Bug report #942830, regarding CVE-2019-18218 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 942830: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942830 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: file Severity: grave Tags: security This was assigned CVE-2019-18218: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: file Source-Version: 1:5.30-1+deb9u3 We believe that the bug you reported is fixed in the latest version of file, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 942...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated file package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 22 Oct 2019 22:20:07 +0200 Source: file Binary: file libmagic1 libmagic-mgc libmagic-dev python-magic python3-magic Architecture: source Version: 1:5.30-1+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Description: file - Recognize the type of data in a file using "magic" numbers libmagic-dev - Recognize the type of data in a file using "magic" numbers - deve libmagic-mgc - File type determination library using "magic" numbers (compiled m libmagic1 - Recognize the type of data in a file using "magic" numbers - libr python-magic - Recognize the type of data in a file using "magic" numbers - Pyth python3-magic - Recognize the type of data in a file using "magic" numbers - Pyth Closes: 942830 Changes: file (1:5.30-1+deb9u3) stretch-security; urgency=high . * Cherry-pick commit to restrict the number of CDF_VECTOR elements. Closes: #942830 [CVE-2019-18218] Checksums-Sha1: 7a9d69c90f81795415d898a4e2a54e96a8a2713f 2166 file_5.30-1+deb9u3.dsc 59169a53e5f93ec18a48ad1e7c9b3d90343e4a49 40224 file_5.30-1+deb9u3.debian.tar.xz 8ac150161aa9a9fe602cce9621c1cbff4dc74d60 8533 file_5.30-1+deb9u3_armel.buildinfo Checksums-Sha256: ef90aa103f3ed04e3c8b199533a2197405599a38bc8091fb8170b20d6d7a18c2 2166 file_5.30-1+deb9u3.dsc 03fa6392b9681915e386d93baa729ebbde3fa1d204a34368eb1877302ebbf4d7 40224 file_5.30-1+deb9u3.debian.tar.xz 07b3170a1a9eea160f3fbaaf1981a24449b3cbb9a9b8f8970a6059ba08a3195a 8533 file_5.30-1+deb9u3_armel.buildinfo Files: c0152d3db87d778c71db1ec268edc214 2166 utils standard file_5.30-1+deb9u3.dsc a2519cdc84b4322426d83973a64a5d8d 40224 utils standard file_5.30-1+deb9u3.debian.tar.xz 238ac0ae550cf19ffa70651bfcee23c2 8533 utils standard file_5.30-1+deb9u3_armel.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAl2xUgMACgkQxCxY61kU kv0+fw//RUY7azyvE+L58FFFnUupK+wRCUBYWxyL0a/BTqBIWYhcDFYyLEtDLjIj qQnw9ArDHT/lRZnQCDOnHILUbZZLLEQ8dc2T76YZqU2tyUsynHjTOgE8cvesv/D/ 85r1gB/VQV4IC3tQFfH90AP8yLlSsuiJhce/sSJ9xfvPjtz8LMwZeVoEobl5BpUK 8eDPacisEaubayqOicfvr0Gl6Rctd6K6C0rsYGFis10ED4MpyQ7VasAUlQYLLuKA zHqorqIX7Mm0fsRRyb7ECQa8ywAeHDfBDg3KAL5EP5VfpasT2PGrpCLRgQif/fwE 6Ue87gRuQFYxGycdOrNLx6XVQev+8EcyxbLA89dwcRz7HB8zUXbVvX+6wWY8PC1R xZdR6IAlzLahpiPLDnRCQfkaGJsksuR0m/89DsDA/00jnkXyM9PTU7xzlwMaV4H0 q1b86VY8EiPDGJCr3xwF2p/VrTVLIAxfTfyrQ0b8e7mr2TfnUXKELDXMAsT4+XXs K5m3s+PVw6d1fHLeKgBUDV42zVFDDsd1rzF2KVUclryBgUQHTIHi0kCpn67QWiVO rHJVvScO+ivnGGGRHumaUVDsIKLgVsq/GUrJ0AyURY0z65PIVRcx/9jI/zJOFKZR RnyHISshpT9u2KVg2sMsNA7sA7DnyLJnvc6nRC+EcqJT+jpRDe4= =wNbr -----END PGP SIGNATURE-----
--- End Message ---
