pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg_admin audit: file-5.19 vulnerabilities?



Hi,

"pkg_admin audit" shows these vulnerabilities in file-5.19:

Package file-5.19 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
Package file-5.19 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
Package file-5.19 has a integer-overflow vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587

As far as I can tell, these apply to PHP trying to gather information
about .cdf files (probably using some code from file).

Can someone verify if these are vulnerabilities in "file" itself and
still apply to file-5.19?

Regards
Matthias Ferdinand


Home | Main Index | Thread Index | Old Index