Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20110924074749.GA17242@foo.fgeek.fi>
Date: Sat, 24 Sep 2011 10:47:49 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: bressers@...hat.com, coley@...re.org, jmm@...til.org
Subject: Re: CVE-request: clamav floating point exception in
 OLE2 scanner DoS

On Thu, Aug 04, 2011 at 09:59:03AM +0300, Henri Salo wrote:
> Can I get CVE-2007-* identifier for ScanOLE2 issue? RFC2397-issue is CVE-2007-4510. I don't know if there are CVEs for other fixed issues, but I will try to find out.
> 
> """
> clamav (0.91.2-1) unstable; urgency=low
> 
>   * New upstream version
>     - fix call to tolower() which led to a crash in libclamav
>     - fix possible NULL dereference, e.g. when parsing email with RFC2397
>       URI
>     - fix floating point exception when using ScanOLE2
>     - fix possible NULL dereference in rtf.c
> 
>  -- Stephen Gran <sgran@...ian.org>  Tue, 21 Aug 2007 11:17:01 +0100
> """
> 
> Related information:
> - Temporary ID: http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835
> - http://www.debian.org/security/2007/dsa-1366

Never got assigned. Is it possible to get 2007 ID for this?

Best regards,
Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.