[Pkg-clamav-devel] Bugfix for #507624 prepared

Michael Tautschnig mt at debian.org
Wed Dec 3 18:48:54 UTC 2008

> * Scott Kitterman:
> > On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <fw at deneb.enyo.de> wrote:
> >
> >>Your patch looks fine.  Is there a CVE yet?
> >
> > As of two days ago when I put the Ubuntu change together there was not.
> Oh well.  At least for the other bug, there's a CVE (CVE-2008-5050).
> What about CVE-2008-1389?

I've looked at the corresponding patch and the code to-be-patched. It seems like
the version in etch(-security) is not affected, because it does not keep going
if part of the parsing fails (which some versions in between apparently did).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20081203/799c3948/attachment.pgp 

More information about the Pkg-clamav-devel mailing list