oss-sec mailing list archives
Re: ClamAV small issues
From: Josh Bressers <bressers () redhat com>
Date: Wed, 7 Apr 2010 20:02:45 -0400 (EDT)
These are certainly worth of CVE ids, but it's going to be tricky, as the first issue is a couple of things as seen in the bug: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826 I'm going to defer this assignment to MITRE (added Steve Christey to the CC). Thanks. -- JB ----- "Jamie Strandboge" <jamie () canonical com> wrote:
FYI, not sure if these should get a CVE, but it seems that a crafted archive could bypass scanning without these commits[1]: 158c35e81a25ea5fda55a2a7f62ea9fec2e883d9 libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826) 224fee54dd6cd8933d7007331ec2bfca0398d4b4 libclamav/mspack.c: fix Quantum decompressor (bb#1771) [1] http://git.clamav.net/gitweb?p=clamav-devel.git;a=log -- Jamie Strandboge | http://www.canonical.com
-- JB
Current thread:
- ClamAV small issues Jamie Strandboge (Apr 06)
- Re: ClamAV small issues Josh Bressers (Apr 07)
- Re: ClamAV small issues Kurt Seifried (Apr 07)
- Re: ClamAV small issues Ludwig Nussel (Apr 09)
- Re: ClamAV small issues Eren Türkay (Apr 09)
- Re: ClamAV small issues Eren Türkay (Apr 09)
- Re: ClamAV small issues Ludwig Nussel (Apr 09)
- Re: ClamAV small issues Kurt Seifried (Apr 07)
- Re: ClamAV small issues Josh Bressers (Apr 07)