oss-sec mailing list archives

Re: request for CVE: clamav 0.94 release

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 4 Sep 2008 12:44:44 -0400 (EDT)


On Wed, 3 Sep 2008, Marcus Meissner wrote:

The full changelog has those apparent security related entries:
 * fix out-of-memory null dereferenc (bb#1141)


Use CVE-2008-3912, to be filled in later.  I have mixed opinions on
out-of-memory null dereferences, though in security software it seems
reasonable to flag it.

 * fix possible invalid memory access (bb#1089)


CVE-2008-1389 as mentioned by Hanno.

 * fix error path memleaks and fd leaks (bb#1141)


Use CVE-2008-3913 for the memory leak.

Use CVE-2008-3914 for the fd leak.

- Steve

Current thread:

request for CVE: clamav 0.94 release Marcus Meissner (Sep 03)
- Re: request for CVE: clamav 0.94 release Hanno Böck (Sep 04)
- Re: request for CVE: clamav 0.94 release Steven M. Christey (Sep 04)