[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-request: clamav floating point exception in OLE2 scanner DoS (2007)
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-03-29 5:05:03
Message-ID: 4F73ED7F.9090402 () redhat ! com
[Download RAW message or body]

On 03/28/2012 12:51 AM, Henri Salo wrote:
> Can I get 2007 CVE-identifier for "fix floating point exception when using ScanOLE2" \
> vulnerability: 
> clamav (0.91.2-1) unstable; urgency=low
> 
> * New upstream version
> - fix call to tolower() which led to a crash in libclamav
> - fix possible NULL dereference, e.g. when parsing email with RFC2397
> URI
> - fix floating point exception when using ScanOLE2
> - fix possible NULL dereference in rtf.c
> 
> -- Stephen Gran <sgran@debian.org>  Tue, 21 Aug 2007 11:17:01 +0100
> 
> Different issue than CVE-2007-2650, which was fixed in 0.90.3
> 
> http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835
> 
> Other issues have CVEs: CVE-2007-4510, CVE-2007-4560. I requested this CVE-identifier before, \
> but it did not get assigned. 
> - Henri Salo

Please use CVE-2007-6745 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


[prev in list] [next in list] [prev in thread] [next in thread]