Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130429202005.GA2009@elende>
Date: Mon, 29 Apr 2013 22:20:05 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Cc: Felix Gröbert <groebert@...gle.com>,
	Henri Salo <henri@...v.fi>, Jan Lieskovsky <jlieskov@...hat.com>,
	"Steven M. Christey" <coley@...us.mitre.org>,
	draynor@...rcefire.com
Subject: Re: Multiple potential security issues fixed in
 ClamAV 0.97.8 - any further details?

Hi Kurt

On Mon, Apr 29, 2013 at 01:27:18PM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 04/27/2013 04:49 PM, Felix Gröbert wrote:
> > Hi,
> > 
> > sorry for the delayed response, I'm OOO.
> > 
> > The bugs should be public now:
> > 
> > https://bugzilla.clamav.net/show_bug.cgi?id=7055 heap corruption,
> > potentially exploitable.
> 
> Please use CVE-2013-2020 for this issue.
> 
> > https://bugzilla.clamav.net/show_bug.cgi?id=7053 overflow due to
> > PDF key length computation. Potentially exploitable.
> 
> Please use CVE-2013-2020 for this issue.

Should these get separates CVE (as two different types)? Only would
like to confirm, in case this was a typo.

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.