oss-sec mailing list archives
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 29 Apr 2013 14:56:31 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/29/2013 02:20 PM, Salvatore Bonaccorso wrote:
Hi Kurt On Mon, Apr 29, 2013 at 01:27:18PM -0600, Kurt Seifried wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/27/2013 04:49 PM, Felix Gröbert wrote:Hi, sorry for the delayed response, I'm OOO. The bugs should be public now: https://bugzilla.clamav.net/show_bug.cgi?id=7055 heap corruption, potentially exploitable.Please use CVE-2013-2020 for this issue.
Please continue to use CVE-2013-2020 for the heap corruption issue.
https://bugzilla.clamav.net/show_bug.cgi?id=7053 overflow due to PDF key length computation. Potentially exploitable.Please use CVE-2013-2020 for this issue.Should these get separates CVE (as two different types)? Only would like to confirm, in case this was a typo.
Argh cut and paste fail (two today). Please use CVE-2013-2021 for the ClamAV PDF key length issue.
Regards, Salvatore
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRft5+AAoJEBYNRVNeJnmT2CQQAN2u5Y+AqOMZLPJgpTBP89PG 7CNbD4/MmUpRjVcoOCe1mAdDtu+VD1ttcKswdl/NsQCIe667jxMWZ+yu5KqORghh 3mt7xqbqDWwthjEnmciEUNak3rm/+tSYJnOHzFUWm+gksU2JqEIz1mmAIKJA5jw9 gx638G/POxgLtCic9LZ+kVKK36XXMHOVCvfehTM7/cGYipNqDdHdHIYszBbZALtB AXSZoPpHSOBI6El2c1MkC/dbbIl+vs6zJmJbNLKK7fZVlu8HbMuOnu/OLvT5W8qa c/pWnju0OGjgA58ysQ7TlLjalThflBRBkOstZweiF3Er51WV0x40rPonVPl8bmJ3 ORdtjB8At97qtU54cR0ApROpCO70YQVfk0XLdy1J1zkwakCekUE7RfEVAkzwZQLw n7PJ1nKylD0yD73L7pQlWhXlpnrEFytzKmv/s1SjuU7PtN9+0rhErfx4WerMg0cg WBpAm+zaruPWc8hIjmCqzJo5YsLG0yVe5cpXGRrEkzunhNCR+s/QZqdKHWfosPMf m4XNDVqhDr0IhPHKkQiTTDAhIqS2NbnyRaUqXFkQAjsuBThlHZtWIqkfhN3vU5YK +9nVWpYHJiLDJOK1Ei72VeI6siZqpRM52r1a58HBvK75s4mhcKGo/cPEGCAEal3+ cNgAUxjxyc7TZiFmPgQQ =kmmB -----END PGP SIGNATURE-----
Current thread:
- Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Jan Lieskovsky (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Felix Gröbert (Apr 27)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Salvatore Bonaccorso (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)