oss-sec mailing list archives

Re: CVE id request: Clamav

From: Eren Türkay <turkay.eren () gmail com>
Date: Tue, 17 Jun 2008 11:55:10 +0300

On 17 Jun 2008 Tue 10:38:13 Eren Türkay wrote:

  * libclamav/mbox.c, shared/network.c: prevent uninitialized use of
hostent structure (bb #1003).

The bug entry says that after zip file's arriving at clamd, it suddenly
dies and nothing can be retrieved thereafter. Clamav developer also
comfirms that this happens when MailFollowURLs is enabled.


Hello,

I talked to Edwin on #clamav channel. He says this is a rare-case and he 
thinks that it's a vulnerability rather than a security flaw.

Edwin, could you please inform us about important vulnerabilities/security 
flaws fixed in 0.93.1?

My best regards,
Eren

Current thread:

CVE id request: Clamav Steffen Joeris (Jun 15)
- Re: CVE id request: Clamav Tomas Hoger (Jun 16)
- Re: CVE id request: Clamav Steven M. Christey (Jun 16)
- Re: CVE id request: Clamav Eren Türkay (Jun 17)
  - Re: CVE id request: Clamav Eren Türkay (Jun 17)
    - Re: CVE id request: Clamav Török Edwin (Jun 17)