oss-sec mailing list archives

CVE request: recursion level crash in clamav before 0.97.3


From: Hanno Böck <hanno () hboeck de>
Date: Tue, 18 Oct 2011 12:39:59 +0200

Sadly, as we know, upstream clamav doesn't care about publishing
security advisories. They even seem to have stopped publishing new
versions on their -announce-list, so the only way to see changes is to
dig into the tar-file and see the Changelog.

This one here sounds security-relevant:
Sat Oct  8 12:10:13 EEST 2011 (edwin)
-------------------------------------
 * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb
   #3706).
Upstream bug is invisible to the public. Please assign a CVE.



Maybe others have a look at the full Changelog, but I think the rest
sounds non-security-relevant:
Mon Oct 17 18:04:30 CEST 2011 (tk)
----------------------------------
 * V 0.97.3

Mon Oct 10 14:41:48 CEST 2011 (tk)
----------------------------------
 * freshclam/manager.c: fix error when compiling without DNS support
(bb#3056)

Sat Oct  8 12:19:49 EEST 2011 (edwin)
-------------------------------------
 * libclamav/pdf.c: flag and dump PDF objects with /Launch (bb #3514)

Sat Oct  8 12:10:13 EEST 2011 (edwin)
-------------------------------------
 * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb
#3706).

Tue Aug  2 17:03:33 CEST 2011 (tk)
----------------------------------
 * docs: clarify behavior of --scan-*/Scan* options (bb#3134)

Mon Jul 25 16:09:19 EEST 2011 (edwin)
-------------------------------------
 * libclamav/bytecode_vm.c: fix opcode 20 error (bb #3100)

Thu Sep 15 14:44:11 CEST 2011 (tk)
----------------------------------
 * freshclam: fix pidfile removal (bb#3499)

Sun Aug 21 17:05:24 EEST 2011 (edwin)
-------------------------------------
 * libclamav/pdf.c:  fix incorrect blocking of some encrypted PDF with
empty user passwords. (bb #3364)

Wed Aug  3 15:41:28 CEST 2011 (tk)
----------------------------------
 * sigtool/sigtool.c: fix calculation of max signature length


-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
