[Pkg-clamav-devel] ClamAV. again
Florian Weimer
fw at deneb.enyo.de
Sun Oct 26 11:34:00 UTC 2008
* Stephen Gran:
>> Are the vulnerabilities really exploitable to cause permanent damages?
>> The patches suggest they are very minor.
>
> I don't think permanent damage, no. The null pointer dereferences will
> crash clamd, so it's a DoS. The others will slowly leak over time
> (particularly on html mail) until they create a DoS. I don't believe
> there are any code execution possibilities this time around.
Ah, I missed the clamd angle.
Anyway, we still need a mipsel build. The problem is that it somehow
got lost. It's not in the embargoed queue, and it's no longer on the
buildd either, it seems. 8-( I think this can be built manually after
the DSA, so I'm going to release anyway.
More information about the Pkg-clamav-devel
mailing list