[Pkg-clamav-devel] Bugfix for #507624 prepared
leonel
listas at enelserver.com
Wed Dec 3 18:56:09 UTC 2008
Michael Tautschnig wrote:
>> * Scott Kitterman:
>>
>>
>>> On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <fw at deneb.enyo.de> wrote:
>>>
>>>
>>>> Your patch looks fine. Is there a CVE yet?
>>>>
>>> As of two days ago when I put the Ubuntu change together there was not.
>>>
>> Oh well. At least for the other bug, there's a CVE (CVE-2008-5050).
>>
>> What about CVE-2008-1389?
>>
>>
>
> I've looked at the corresponding patch and the code to-be-patched. It seems like
> the version in etch(-security) is not affected, because it does not keep going
> if part of the parsing fails (which some versions in between apparently did).
>
> Best,
> Michael
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pkg-clamav-devel mailing list
> Pkg-clamav-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
>
I;ve tested the 0.92.1 Ubuntu version with this :
http://int21.de/cve/CVE-2008-1389-clamav-chd.html
and is not vulnerable ..
Leonel
More information about the Pkg-clamav-devel
mailing list