[Pkg-clamav-devel] ClamAV. again
Florian Weimer
fw at deneb.enyo.de
Sun Oct 26 10:39:46 UTC 2008
* Michael Tautschnig:
>> > So shall we go ahead with the -4etch15 version, as uploaded?
>>
>> Unless anyone has any objections, I'd say yes.
>
> No objections from my POV.

Okay. I haven't followed this update from the beginning, and the
upstream bugs are still blocked, so I'd like to see input on the
following description for the DSA:

Several denial-of-service vulnerabilities have been discovered in
the ClamAV anti-virus toolkit:

Insufficient checking for out-of-memory conditions results in null
pointer dereferences (CVE-2008-3912).

Incorrect error handling logic leads to memory leaks (CVE-2008-3913)
and file descriptor leaks (CVE-2008-3914).

Are the vulnerabilities really exploitable to cause permanent damage?
The patches suggest they are very minor.