List:       oss-security
Subject:    Re: [oss-security] Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-04-29 20:56:31
Message-ID: 517EDE7F.80906 () redhat ! com

On 04/29/2013 02:20 PM, Salvatore Bonaccorso wrote:
> Hi Kurt
> 
> On Mon, Apr 29, 2013 at 01:27:18PM -0600, Kurt Seifried wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 04/27/2013 04:49 PM, Felix Gröbert wrote:
>>> Hi,
>>> 
>>> sorry for the delayed response, I'm OOO.
>>> 
>>> The bugs should be public now:
>>> 
>>> https://bugzilla.clamav.net/show_bug.cgi?id=7055 heap
>>> corruption, potentially exploitable.
>> 
>> Please use CVE-2013-2020 for this issue.

Please continue to use CVE-2013-2020 for the heap corruption issue.

>>> https://bugzilla.clamav.net/show_bug.cgi?id=7053 overflow due
>>> to PDF key length computation. Potentially exploitable.
>> 
>> Please use CVE-2013-2020 for this issue.
> 
> Should these get separate CVEs (as two different types)? Only
> would like to confirm, in case this was a typo.

Argh cut and paste fail (two today). Please use CVE-2013-2021 for the
ClamAV PDF key length issue.

> Regards, Salvatore
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993