From nobody@FreeBSD.org  Fri May 15 00:26:40 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4687A106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 15 May 2009 00:26:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 33BBE8FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 15 May 2009 00:26:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n4F0QeD8017982
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 15 May 2009 00:26:40 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n4F0QdgW017981;
	Fri, 15 May 2009 00:26:39 GMT
	(envelope-from nobody)
Message-Id: <200905150026.n4F0QdgW017981@www.freebsd.org>
Date: Fri, 15 May 2009 00:26:39 GMT
From: bf <bf2006a@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: file(1) 5.00 subject to bugs and security vulnerabilities
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         134550
>Category:       bin
>Synopsis:       file(1) 5.00 subject to bugs and security vulnerabilities
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 15 00:30:01 UTC 2009
>Closed-Date:    Mon May 18 22:39:20 UTC 2009
>Last-Modified:  Mon May 18 22:39:20 UTC 2009
>Originator:     bf
>Release:        8-CURRENT i386
>Organization:
-
>Environment:
>Description:
Version 5.00 of file(1), which was recently imported into 8-CURRENT in svn 
r191739 on 2 May 2009, has been found to have a number of bugs and security
vulnerabilities, one of which is described in CVE 2009-1515 (which was publicized on 28 April 2009!):

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1515

>How-To-Repeat:

>Fix:
Please import file 5.03 or later:

ftp://ftp.astron.com/pub/file/file-5.03.tar.gz

in the place of file 5.00.  This later version includes fixes for the above bug and for a number of other problems.

Thanks,
         b.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: delphij 
State-Changed-When: Mon May 18 22:35:10 UTC 2009 
State-Changed-Why:  
file(1) upgraded to 5.03 in -HEAD, and CVE-2009-1515 seems 
to affect file(1) 5.00+ so I think this can be closed, let 
me know if I was wrong. 


Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Mon May 18 22:35:10 UTC 2009 
Responsible-Changed-Why:  
Grab. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134550 
>Unformatted:
