Hey guys, Is this going to need a CVE? I can forward the info onto oss-sec list and get a CVE assigned.
On 02/17/2014 08:12 AM, Matt Olney wrote: > Thanks, Bradon. We'll review this. > > > On Sun, Feb 16, 2014 at 7:29 PM, Brandon Perry > <bperry.volat...@gmail.com>wrote: > >> Hi, >> >> Not sure if this person is using an old version of ClamAV and I haven't >> attempted this, but he alleges he has found a way to bypass gzip'ed >> tarballs by modifying a specific byte within the headers. >> >> >> http://www.exploit-db.com/wp-content/themes/exploit/docs/31685.pdf >> >> Hope this is the correct place to report this. >> _______________________________________________ >> http://lurker.clamav.net/list/clamav-devel.html >> Please submit your patches to our Bugzilla: http://bugs.clamav.net >> > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net