From ${URL} : An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash. Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 Acknowledgements: This issue was discovered by Francisco Alonso of the Red Hat Product Security. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Commit message: Add fix from upstream for ELF note parsing http://sources.gentoo.org/sys-apps/file/files/file-5.20-elf-note.patch?rev=1.1 http://sources.gentoo.org/sys-apps/file/file-5.20-r1.ebuild?rev=1.1
CVE-2014-3710 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3710): The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
This issue was resolved and addressed in GLSA 201701-42 at https://security.gentoo.org/glsa/201701-42 by GLSA coordinator Aaron Bauman (b-man).