[Pkg-clamav-devel] Bug#523016: CVE ids
Michael Tautschnig
mt at debian.org
Thu Apr 9 22:58:26 UTC 2009
> Hi,
> here are the CVE ids for this:
>
> ======================================================
> Name: CVE-2008-6680
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680
> Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1335
>
> libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
> a denial of service (crash) via a crafted EXE file that triggers a
> divide-by-zero error.
>
>
> ======================================================
> Name: CVE-2009-1270
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
> Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
>
> libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
> cause a denial of service (infinite loop) via a crafted file that
> causes (1) clamd and (2) clamscan to hang.
>
Thanks a lot for digging up these. A patched version is sitting in our
repository and we'll soon send out the patch and upload request to the security
team.
Best,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20090410/d1e518fd/attachment.pgp>
More information about the Pkg-clamav-devel
mailing list