[Pkg-clamav-devel] Bugfix for #507624 prepared
Michael Tautschnig
mt at debian.org
Wed Dec 3 18:48:54 UTC 2008
> * Scott Kitterman:
>
> > On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <fw at deneb.enyo.de> wrote:
> >
> >>Your patch looks fine. Is there a CVE yet?
> >
> > As of two days ago when I put the Ubuntu change together there was not.
>
> Oh well. At least for the other bug, there's a CVE (CVE-2008-5050).
>
> What about CVE-2008-1389?
>
I've looked at the corresponding patch and the code to-be-patched. It seems like
the version in etch(-security) is not affected, because it does not keep going
if part of the parsing fails (which some versions in between apparently did).
Best,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20081203/799c3948/attachment.pgp
More information about the Pkg-clamav-devel
mailing list