[Secure-testing-commits] r11748 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Thu Apr 30 20:14:55 UTC 2009
Author: gilbert-guest
Date: 2009-04-30 20:14:55 +0000 (Thu, 30 Apr 2009)
New Revision: 11748
Modified:
data/CVE/list
Log:
clamav not affected by CVE-2008-5525
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-30 18:16:47 UTC (rev 11747)
+++ data/CVE/list 2009-04-30 20:14:55 UTC (rev 11748)
@@ -6156,7 +6156,11 @@
CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...)
NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...)
- - clamav <unfixed> (medium; bug #526041)
+ - clamav <not-affected> (medium; bug #526041)
+ NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
+ NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
+ NOTE: - all other browsers are not vulnerable
+ NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...)
NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, ...)
More information about the Secure-testing-commits
mailing list