Message-ID: <1692275574.220491270684965222.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Wed, 7 Apr 2010 20:02:45 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: ClamAV small issues

These are certainly worthy of CVE ids, but it's going to be tricky, as the
first issue is a couple of things as seen in the bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826

I'm going to defer this assignment to MITRE (added Steve Christey to the CC).

Thanks.

-- 
    JB


----- "Jamie Strandboge" <jamie@...onical.com> wrote:

> FYI, not sure if these should get a CVE, but it seems that a crafted
> archive could bypass scanning without these commits[1]:
> 
> 158c35e81a25ea5fda55a2a7f62ea9fec2e883d9
> libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
> 
> 224fee54dd6cd8933d7007331ec2bfca0398d4b4
> libclamav/mspack.c: fix Quantum decompressor (bb#1771)
> 
> 
> [1] http://git.clamav.net/gitweb?p=clamav-devel.git;a=log
> 
> -- 
> Jamie Strandboge             | http://www.canonical.com

-- 
    JB
