oss-sec mailing list archives

Re: CVE request: recursion level crash in clamav before 0.97.3

From: Josh Bressers <bressers () redhat com>
Date: Tue, 18 Oct 2011 16:17:23 -0400 (EDT)

----- Original Message -----

Sadly, as we know, upstream clamav doesn't care about publishing security
advisories. They even seem to have stopped to publish new versions on
their -announce-list, so the only way to see changes is to dig into the
tar-file and see the Changelog.

This one here sounds like security relevant:
Sat Oct  8 12:10:13 EEST 2011 (edwin)
-------------------------------------
 * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb
   #3706).
Upstream bug is invisible to the public. Please assign CVE


Please use CVE-2011-3627.

Thanks.

-- 
    JB

Current thread:

CVE request: recursion level crash in clamav before 0.97.3 Hanno Böck (Oct 18)
- Re: CVE request: recursion level crash in clamav before 0.97.3 Josh Bressers (Oct 18)