From ${URL} : It was reported [1][2] that a malformed elf file can cause file urility to access invalid memory. Upstream fixes that correct this: https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f https://github.com/file/file/commit/e96f86b5311572be1360ee0bb05d4926f8df3189 [1]: http://mx.gw.com/pipermail/file/2014/001649.html [2]: http://bugs.gw.com/view.php?id=409 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-9653 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9653): readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
5.22 is stable everywhere now
@ Security: Waiting for GLSA...
This issue was resolved and addressed in GLSA 201701-42 at https://security.gentoo.org/glsa/201701-42 by GLSA coordinator Aaron Bauman (b-man).
