oss-sec mailing list archives

Re: ClamAV small issues

From: Josh Bressers <bressers () redhat com>
Date: Wed, 7 Apr 2010 20:02:45 -0400 (EDT)

These are certainly worth of CVE ids, but it's going to be tricky, as the
first issue is a couple of things as seen in the bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826

I'm going to defer this assignment to MITRE (added Steve Christey to the CC).

Thanks.

-- 
    JB


----- "Jamie Strandboge" <jamie () canonical com> wrote:

FYI, not sure if these should get a CVE, but it seems that a crafted
archive could bypass scanning without these commits[1]:

158c35e81a25ea5fda55a2a7f62ea9fec2e883d9
libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)

224fee54dd6cd8933d7007331ec2bfca0398d4b4
libclamav/mspack.c: fix Quantum decompressor (bb#1771)


[1] http://git.clamav.net/gitweb?p=clamav-devel.git;a=log

-- 
Jamie Strandboge             | http://www.canonical.com


-- 
    JB

Current thread:

ClamAV small issues Jamie Strandboge (Apr 06)
- Re: ClamAV small issues Josh Bressers (Apr 07)
  - Re: ClamAV small issues Kurt Seifried (Apr 07)
    - Re: ClamAV small issues Ludwig Nussel (Apr 09)
    - Re: ClamAV small issues Eren Türkay (Apr 09)
    - Re: ClamAV small issues Eren Türkay (Apr 09)
    - Re: ClamAV small issues Ludwig Nussel (Apr 09)