[blfs-dev] Upcoming BLFS-7.5 release : security issues
pierre.labastie at neuf.fr
Mon Mar 3 13:20:01 PST 2014
Two points, which I'd like to raise before the release:
1. MIT Kerberos:
You may remember that I had some difficulty with tests in MIT Kerberos. I
reported upstream and this led to the following two commits:
I do not know whether it may be considered a security issue, but since it
makes the database code loop forever, I guess it could...
If you are OK, I can make a patch and update the instructions.
2. PHP fileinfo extension:
An issue has been discovered in the libmagic code
See also http://mx.gw.com/pipermail/file/2014/001327.html
It is corrected in file 5.17, but PHP ships a modified version of libmagic,
which is also affected. It is used in the fileinfo extension. Upstream has
corrected this on Feb 18, so after the last stable release. See the commit at:
(put on one line)
I have not had time to investigate more. Is the fileinfo extension built in our build?