Bug#739012: [php-maint] Bug#738832: Segmentation fault in libmagic (src:file) [CVE-2014-1943]

2014-02-18 Thread Lior Kaplan
On Sat, Feb 15, 2014 at 12:48 AM, Lior Kaplan kap...@debian.org wrote: The question is: do we want to patch this ourselves, or wait for PHP to provide the fix based on the linked commits? I guess the latter would be best, unless it will take them too much time. Fix by upstream (from the PHP

Bug#739012: [php-maint] Bug#738832: Segmentation fault in libmagic (src:file) [CVE-2014-1943]

2014-02-18 Thread Salvatore Bonaccorso
Hi! On Tue, Feb 18, 2014 at 04:58:08PM +0200, Lior Kaplan wrote: On Sat, Feb 15, 2014 at 12:48 AM, Lior Kaplan kap...@debian.org wrote: The question is: do we want to patch this ourselves, or wait for PHP to provide the fix based on the linked commits? I guess the latter would be best,

Bug#738832: Segmentation fault in libmagic (src:file) [CVE-2014-1943]

2014-02-14 Thread Salvatore Bonaccorso
clone 738832 -1 reassign -1 php5 retitle -1 'CVE-2014-1943: crafted files might result in long computation times' thanks Hi, On Thu, Feb 13, 2014 at 11:30:44AM +0100, Christoph Biedl wrote: Package: file Version: 5.11-2 Severity: grave Tags: security [ Re-sent to BTS by request of the

Bug#739012: [php-maint] Bug#738832: Segmentation fault in libmagic (src:file) [CVE-2014-1943]

2014-02-14 Thread Lior Kaplan
On Fri, Feb 14, 2014 at 11:53 PM, Salvatore Bonaccorso car...@debian.org wrote: I clone this bugreport, as php5 embedding a modified copy of libmagic would also be affected by CVE-2014-1943. Thanks. I've looked at the build logs, and it does seem like the fileinfo extension uses the internal

Bug#738832: Segmentation fault in libmagic (src:file) [CVE-2014-1943]

2014-02-13 Thread Christoph Biedl
Package: file Version: 5.11-2 Severity: grave Tags: security [ Re-sent to BTS by request of the security team, also updated ] a bug in the handling of indirect magic rules of libmagic leads to an infinite recursion when trying to determine the file type of certain files. The has been assigned