oss-sec mailing list archives
CVE Request: clamav-milter on Ubuntu
From: Jamie Strandboge <jamie () canonical com>
Date: Fri, 1 May 2009 09:17:24 -0500
Due to a typo, the clamav-milter initscript would change the owner of the current directory to clamav (or whatever User is set to in clamd.conf). This typically affects the '/' directory, but could affect any directory on the system. This is all documented in the Ubuntu bug[1]. This was introduced in this commit: http://git.debian.org/?p=pkg-clamav/clamav.git;a=commitdiff;h=c4e1bf5d98637c0219852eaac768170bf8aef2fc;hp=5a2b5013440c4b81d0eb3233072c88564a15fc5d 0.95.1+dfsg-1ubuntu1 and 0.95.1+dfsg-1ubuntu1.1 on Ubuntu 9.04 are affected, but earlier versions are not. It looks like Debian never released with this code, and version 0.95.1+dfsg-2 (in Debian/unstable) is not affected. Derivatives of Ubuntu 9.04 are presumably affected. Can we get a CVE for this? Jamie [1] https://bugs.launchpad.net/bugs/365823 -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE Request: clamav-milter on Ubuntu Jamie Strandboge (May 01)
- Re: CVE Request: clamav-milter on Ubuntu Steven M. Christey (May 21)