"Integer underflow in the file_printf function in the "file" program
before 4.20 allows user-assisted attackers to execute arbitrary code via
a file that triggers a heap-based buffer overflow."
Is FreeBSD 5.x/6.x affected too? It looks the System has file 4.12. The
port has 4.20.
"It is not unix's job to stop you from shooting your foot. If you so
choose to do so, then it is UNIX's job to deliver Mr. Bullet to Mr Foot
in the most efficient way it knows."