[Secure-testing-commits] r24728 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Dec 13 05:42:09 UTC 2013


Author: carnil
Date: 2013-12-13 05:42:07 +0000 (Fri, 13 Dec 2013)
New Revision: 24728

Modified:
   data/CVE/list
Log:
Three further CVEs for clamav assigned.

One is not yet fully investigated, if I understand the mails from MITRE
correctly.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-13 05:08:00 UTC (rev 24727)
+++ data/CVE/list	2013-12-13 05:42:07 UTC (rev 24728)
@@ -1,3 +1,14 @@
+CVE-2013-7089 [dbg_printhex possible information leak]
+	- clamav 0.97.7+dfsg-1
+	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
+CVE-2013-7088 [buffer overflow]
+	- clamav 0.97.7+dfsg-1
+	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
+	NOTE:  https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
+CVE-2013-7087 [[clamav: WWPack corrupt heap memory]
+	- clamav 0.97.7+dfsg-1
+	NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38
+	NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c
 CVE-2013-7085 [uscan: broken handling of filenames with whitespace]
 	- devscripts <unfixed> (bug #732006)
 	[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
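Review bot: the CVE-2013-7087 line opens its description with two brackets (`[[clamav: WWPack corrupt heap memory]`) but closes it with one, so the bracketed description is unbalanced; it should read `CVE-2013-7087 [clamav: WWPack corrupt heap memory]`. The second NOTE under CVE-2013-7088 also has two spaces after `NOTE:`. The log says one of the three is not yet fully investigated, but none of the new entries carries a NOTE or TODO saying which one, so that status is lost to anyone reading data/CVE/list on its own.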
@@ -1194,9 +1205,6 @@
 CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
 	- clamav 0.97.7+dfsg-1
 	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
-CVE-2013-XXXX [clamav: WWPack corrupt heap memory]
-	- clamav 0.97.7+dfsg-1
-	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
 CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...)
 	NOT-FOR-US: Hardware bug in some AMD CPU revisions
 	NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/1
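Review bot: the removed `CVE-2013-XXXX [clamav: WWPack corrupt heap memory]` placeholder carried `NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6`, and the CVE-2013-7087 entry that replaces it in the first hunk does not, so the oss-security reference for the WWPack issue is dropped. Suggest carrying that NOTE line over to CVE-2013-7087 alongside the commit links.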



