oss-sec mailing list archives
CVE id request - clamav
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 15 Apr 2008 10:37:04 +0200
Hi!

Clamav 0.93 was released yesterday. According to the ChangeLog, a couple of security-related issues were fixed (some references in between):

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Mon Apr 14 21:35:11 CEST 2008 (tk)
----------------------------------
  * Check in 0.93 patches:
    - libclamunrar: bb#541 (RAR - Version required to extract - Evasion)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541

    - libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876
(This may already have CVE id, as it seems to be some (not yet published?) iDefense advisory - IDEF2957)

    - libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878
http://secunia.com/advisories/29000/
CVE-2008-1100

    - libclamav/message.c: bb#881 (message.c: read beyond allocated region)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881

    - libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=897
bug mentions CVE-2008-1387

    - libclamunrar: bb#898 (RAR crashes on some fuzzed files from CERT-FI)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898

And even some fixes not mentioned in the changelog:

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877
IDEF3001

--
Tomas Hoger / Red Hat Security Response Team