oss-sec mailing list archives
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 29 Apr 2013 22:20:05 +0200
Hi Kurt On Mon, Apr 29, 2013 at 01:27:18PM -0600, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/27/2013 04:49 PM, Felix Gröbert wrote:Hi, sorry for the delayed response, I'm OOO. The bugs should be public now: https://bugzilla.clamav.net/show_bug.cgi?id=7055 heap corruption, potentially exploitable.Please use CVE-2013-2020 for this issue.https://bugzilla.clamav.net/show_bug.cgi?id=7053 overflow due to PDF key length computation. Potentially exploitable.Please use CVE-2013-2020 for this issue.
Should these get separates CVE (as two different types)? Only would like to confirm, in case this was a typo. Regards, Salvatore
Current thread:
- Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Jan Lieskovsky (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Felix Gröbert (Apr 27)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Salvatore Bonaccorso (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)