-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2422-2 security@xxxxxxxxxx http://www.debian.org/security/ Thijs Kinkhorst May 09, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : file Vulnerability : regression fix Problem type : remote Debian-specific: no CVE ID : CVE-2012-1571 A regression was discovered in the security update for file, which lead to false positives on the CDF format. This update fixes that regression. For reference the original advisory text follows. The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes. Note that after this update, file may return different detection results for CDF files (well-formed or not). The new detections are believed to be more accurate. For the stable distribution (squeeze), this problem has been fixed in version 5.04-5+squeeze2. We recommend that you upgrade your file packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJPqrXUAAoJEOxfUAG2iX57TGYH/A6pECZxJm/wGWMSFdwopEAt qt82sYxL8p2lWRNdz2cP5BiexDxh242XuZ7infVjMEvHKbp2u4OEpaw/vu26Pxs6 JnWCAGrr0QSCy+v4rMpYwift5q5aL1b6N3OhLRndstzSRecpZNjWJ6XbU4d1UZFY RGl6tNGk+gTGwHNhr4wQme0JsgXvvDnas592ikVB0E+RFne5HC1lAPDvb+URVkc4 A0p8dDcxlQzbN59SN3s/RGQj/SJSNIIheBgzlVSqG8aHuW7WXcPH4wRPJT+sjxp7 7nGFzpn77D43l3g1dOyUhFdtCxa7GRAWXuZHFKDxZjJsDA6qrxPuV/rZ2aMqke8= =Q0M1 -----END PGP SIGNATURE-----
