Good day. Attached is the draft of the VuXML entry for the new ClamAV vulnerability.
>From what I had seen and from the comments of the iDefence and ClamAV changelog, it seems that the vulnerable Petite PE module is really disabled in daily.cfg. The file has entries 'PE:0xbfff:13:23' and 'PE:0xdeff:24:25', while libclamav/dconf.h has the following: ----- #define PE_CONF_PETITE 0x100 ----- So, Petite compressor is disabled for f-levels 24 (0.92_sf) and 25 (0.92). 23 is 0.92rc2 and Petite is enabled for it and lower versions down to 13 (0.90). F-versions were extracted from libclamav/others.c, macro variable CL_FLEVEL. So I had marked only clamav >= 0.92 and < 0.92.1 as vulnerable. -- Eygene
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
