[Pkg-clamav-devel] Bugfix for #507624 prepared
Florian Weimer
fw at deneb.enyo.de
Wed Dec 3 18:59:12 UTC 2008
* Michael Tautschnig:
>> * Scott Kitterman:
>>
>> > On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <fw at deneb.enyo.de> wrote:
>> >
>> >>Your patch looks fine. Is there a CVE yet?
>> >
>> > As of two days ago when I put the Ubuntu change together there was not.
It's CVE-2008-5314 now.
>> Oh well. At least for the other bug, there's a CVE (CVE-2008-5050).
>>
>> What about CVE-2008-1389?
>>
>
> I've looked at the corresponding patch and the code
> to-be-patched. It seems like the version in etch(-security) is not
> affected, because it does not keep going if part of the parsing
> fails (which some versions in between apparently did).
Thanks, I've recorded that in the tracker.
Would you please upload an update for the two other issues to
stable-security? Thanks.
More information about the Pkg-clamav-devel
mailing list