+++ This bug was initially created as a clone of Bug #173368 +++ >>> quotation <<< 4. Additional information An unrelated CVE-2007-2026 DoS vulnerability of a file(1) utility linked with a POSIX regex(3) library on Linux systems (but not *BSD systems) is still unresolved in file-4.21, because the offending two lines in a file 'magic' were not removed by mistake, even though their correct replacements were added. The following two lines from a 'magic' file that comes with file(1) version 4.21 need to be manually removed: 100 regex/c =^\\s*call\\s+rxfuncadd.*sysloadfu OS/2 REXX batch file text 100 regex/c =^\\s*say\ ['"] OS/2 REXX batch file text >>> quotation <<< Actual Results: can fix with the patch of file-4.20
*** This bug has been marked as a duplicate of bug 174217 ***
(In reply to comment #1) > > *** This bug has been marked as a duplicate of bug 174217 *** > Point 4 in the linked advisory (CVE-2007-2026) is not fixed with 4.21. this bugreport is for version >>>>4.21<<<< not 4.20 and the bug from 4.20 is also in 4.21, so please fix it.
Sorry, didn't notice that it was not properly fixed in 4.21. Handling it on the original bug #174217.