|
Message-ID: <1270584234.17769.212.camel@severus.strandboge.com>
Date: Tue, 06 Apr 2010 15:03:54 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: ClamAV small issues
FYI, not sure if these should get a CVE, but it seems that a crafted
archive could bypass scanning without these commits[1]:
158c35e81a25ea5fda55a2a7f62ea9fec2e883d9
libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
224fee54dd6cd8933d7007331ec2bfca0398d4b4
libclamav/mspack.c: fix Quantum decompressor (bb#1771)
[1] http://git.clamav.net/gitweb?p=clamav-devel.git;a=log
--
Jamie Strandboge | http://www.canonical.com
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.