Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 22 Apr 2009 17:43:35 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com, coley@...re.org
Subject: Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive

Stephen,

These two clamav 0.95.1 issues still need CVEs I think.

On Thu, Apr 09, 2009 at 12:15:54PM +0200, Tomas Hoger wrote:
> On Tue, 7 Apr 2009 14:08:15 +0200 Thomas Biege <thomas@...e.de> wrote:
> 
> > These two bugs possibly need a CVE-ID.
> 
> Upstream 0.95.1 seems to fix at least 2 other issues that may be of
> interest:
> 
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
> https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553
> 
> svn diff -c 5032 http://svn.clamav.net/svn/clamav-devel/
> 
> -- 
> Tomas Hoger / Red Hat Security Response Team

-- 
Working, but not speaking, for the following german company:
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux