Are you aware that I've submitted a few minutes ago?

is this the same bug, looks different?

yes, I am painfully aware :/ but such overlaps happen

No it is not the samew bug bug this one is the former and I've just reverted the changes from on of the patch I had sumitted.

Beside this I can not work:

 update/SLE-11> isc ci -m .
 Sending    file.changes
 Sending    file.spec
 Sending    0001-PR-313-Aaron-Reffett-Check-properly-for-exceeding-th.patch
 Server returned an error: HTTP Error 403: Forbidden
 no permission to modify package file in project SUSE:SLE-11:Update:Test
 Transmitting file data 

 update/SLE-11> isc branch -M SUSE:SLE-11:Update:Test/file
 Server returned an error: HTTP Error 400: Bad Request
 branch target package already exists: home:WernerFink:branches:SUSE:SLE-11:Update:Test/python-magic.SUSE_SLE-11_Update_Test

for SLES10-SP4 you'll find SR#33825

... please make the repository for the update for SLES-11 accessible

The following changes are currently submitted

     
     #33826  for SLE-10-SP4
     #224644 for openSUSE 12.3
     #224639 for openSUSE 13.1

for SLE-11 I can not submit ...

What should be done for

     SUSE:SLE-10-SP3:Update:Test/file
     SUSE:SLE-9-SP3:Update:Teradata:Test/file

This is an autogenerated message for OBS integration:
This bug (866750) was mentioned in
https://build.opensuse.org/request/show/224639 13.1 / file
https://build.opensuse.org/request/show/224644 12.3 / file

OK ... after resolving the link issue on the internal build service


    #33835 for SLE-11

   #33836  for SLE-9-SP3_Update_Teradata

bugbot adjusting priority

New request for SLE-10-SP4 #33910 to mark Bio-Rad patch as enabled
also request for SLE-10-SP3 #33911

CVE-2014-2270

From: "mancha" <mancha1@hush.com>
Date: Wed, 05 Mar 2014 18:29:22 +0000
To: carnil@debian.org, cve-assign@mitre.org
Cc: oss-security@lists.openwall.com

CVE Assignment Team, et al. -

The initial fix for this problem [1] had an off-by-one flaw
that has since been corrected [2].

I am unsure of the policy regarding the issuance of new CVE 
identifiers associated with incomplete/flawed fixes associated
with previously allocated CVEs. But, in this particular case
file 5.17 shipped with [1] and not [2].

--mancha

[1] https://github.com/file/file/commit/447558595a36
[2] https://github.com/file/file/commit/70c65d2e1841


Werner, can you check if we need these too? 

If you resubmit, please add CVE-2014-2270 to the .changes files too.

bugbot adjusting priority

openSUSE-SU-2014:0364-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 864589,866750
CVE References: CVE-2014-1943,CVE-2014-2270
Sources used:
openSUSE 13.1 (src):    file-5.15-4.10.1, python-magic-5.15-4.10.1
openSUSE 12.3 (src):    file-5.11-12.6.1, python-magic-5.11-12.6.1

openSUSE-SU-2014:0367-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 864589,866750
CVE References: CVE-2014-1943,CVE-2014-2270
Sources used:
openSUSE 11.4 (src):    file-5.04-16.1, python-magic-5.04-16.1

(In reply to comment #19)


> [1] https://github.com/file/file/commit/447558595a36

This one is aready part of the fixed version

> [2] https://github.com/file/file/commit/70c65d2e1841

this one is missed.

#226462
#226464
#34478
#34481
#34480
#34482

This is an autogenerated message for OBS integration:
This bug (866750) was mentioned in
https://build.opensuse.org/request/show/226461 Factory / file
https://build.opensuse.org/request/show/226462 13.1 / file
https://build.opensuse.org/request/show/226464 12.3 / file

This is an autogenerated message for OBS integration:
This bug (866750) was mentioned in
https://build.opensuse.org/request/show/227307 12.3 / file

openSUSE-SU-2014:0435-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 866750
CVE References: CVE-2014-2270
Sources used:
openSUSE 13.1 (src):    file-5.15-4.20.1, python-magic-5.15-4.20.1
openSUSE 12.3 (src):    file-5.11-12.16.1, python-magic-5.11-12.16.1

Affected packages:

SLE-11-SP3: file
SLE-10-SP3-TERADATA: file

The SWAMPID for this issue is 56831.
This issue was rated as low.
Please submit fixed packages until 2014-04-28.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

openSUSE-SU-2014:0495-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 866750
CVE References: 
Sources used:
openSUSE 11.4 (src):    file-5.04-20.1, python-magic-5.04-20.1

Update released for: file, file-debuginfo, file-debugsource, file-devel
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)

Update released for: file
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)

Update released for: file, file-debuginfo, file-devel
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)

Update released for: file, file-32bit, file-64bit, file-debuginfo, file-debuginfo-32bit, file-debuginfo-64bit, file-debuginfo-x86, file-debugsource, file-devel, file-x86, python-magic, python-magic-debuginfo, python-magic-debugsource
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)

released