Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version

[Gynvael Coldwind <gynvael () coldwind pl>]

Hey,

Sorry for the delay.

We've pointed ClamAV guys to this thread, since they can answer this better
than us.

At the moment I can point you to this:
https://bugzilla.clamav.net/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__closed__&product=&content=G_REPORT

Cheers,




On Tue, Mar 19, 2013 at 8:45 AM, Kurt Seifried <kseifried () redhat com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ping. I haven't seen any reply to this. Anyone have any comments on this?
>
> On 03/15/2013 08:08 AM, Jan Lieskovsky wrote:
> > Hello Mateusz, Gynvael, vendors,
> >
> > this is due the following ones: [1]
> > https://bugs.mageia.org/show_bug.cgi?id=9399 [2]
> > http://blog.clamav.net/2013/03/clamav-0977-has-been-released.html
> > [3] https://github.com/vrtadmin/clamav-devel/blob/0.97/ChangeLog
> >
> > I have tried to grep CLamAV's git log for further information, but
> > many of the commits prior to 2013-02-20 have form of:
> >
> > 'Fix CID#...' :(.
> >
> > The only two security related ones seem to be the following two:
> > commit b2212def1bb92b5ac45c82da100dc0d1376de6a3 Author: Steve
> > Morgan <smorgan () sourcefire com> Date:   Thu Feb 14 18:29:53 2013
> > -0500
> >
> > cid 10776 - fix double free
> >
> > commit 71990820d01c246e4e61408a3659dd9d92949b38 Author: Ryan
> > Pentney <rpentney () sourcefire com> Date:   Fri Feb 15 03:10:50 2013
> > -0800
> >
> > Fixed heap corruption in wwunpack.c
> >
> > We to be better able to tell, which concrete security flaws got
> > corrected in 0.97.7 version and based on that to properly allocate
> > CVE identifiers, could you please provide further information
> > about: a) how many and what kind of issues got corrected in that
> > version?, b) links to relevant upstream patches? (since patch log
> > telling CID# wouldn't be enough either to find out the appropriate
> > commits).
> >
> > Thank you for your time, look && cooperation in advance.
> >
> > Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response
> > Team
>
>
> - --
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
>
> iQIcBAEBAgAGBQJRSBegAAoJEBYNRVNeJnmT09oQAJom9BozEllOXt6tJOSpb/Bs
> xGhex4FdmeEVa5l7xI3023qMVwy7NOwxlqqBq29FZwhNAlv/6C0GSE8VhK6jKgfz
> rZovEQOAinCtSg7H1ffBKCdiS5CCoreX+PRyDBe5tZ4WhMVkO+LC0JNgeQ8EgxeM
> W+Ri6DDrS+NnuYJ05xaeOS0dGKLYIKNWpsXm3p3+B83SHIc+aOvi/7cbzUU9zk/a
> tGkct1BYGA4hXASz8ODFCUu85Rq/ZRsR+piMmzxeYHXxMe3U2H31VspMP0BLu7DT
> HYFR6kWYHr5HPjc+SOCM8NUreTkE08Y8+c1WeRlD3SZ4bYj9bCC/3Om8oiIXEn49
> YooFZCrnxJmdqGqXgYjxV9wj2ox4IEkytY6tX0NrJ3lhMuJh5U2cNcvrvsjJnWR3
> 35kalFYDPfAxHimmrwHs84Pg3UzVwgthItTPScPdRi47rNZFvnlYqim4y1IhzJR5
> 3vsIXq4D2OOkqMXEwK2x96DLuleIA+QQl4hjnnCgU44ScslLUj9lmEU335VofkBO
> CzU+11vahiNFwi8miEY9zJOyQEF5BEWrw0y3VrvJBnyDBRjdrxNNBY/fRz97gGFX
> GWAQH6pZZltzfylCNf8Me5OG6Jf3CClQ8C3FLajCOolcbNuPWcaa7suKBX1bMH6K
> YZgzMnRd2AnJAGV738o0
> =dIJo
> -----END PGP SIGNATURE-----



-- 
gynvael.coldwind//vx