Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835

2011-08-01 Thread Henri Salo 
On Mon, Aug 01, 2011 at 06:50:38PM +0300, Henri Salo wrote:
 I think TEMP-000-6B8835 is the same as CVE-2007-2650 as seen in these 
 links below:
 http://security-tracker.debian.org/tracker/TEMP-000-6B8835
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
 http://www.debian.org/security/2007/dsa-1320
 
 Related information:
 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-2650
 
 Best regards,
 Henri Salo

Or is that different issue? I can request CVE-identifier for 
TEMP-000-6B8835 if that is not the correct one.

Best regards,
Henri Salo


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110801161820.gb21...@foo.fgeek.fi

Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835

2011-08-01 Thread Moritz Mühlenhoff 
On Mon, Aug 01, 2011 at 06:50:38PM +0300, Henri Salo wrote:
 I think TEMP-000-6B8835 is the same as CVE-2007-2650 as seen in these 
 links below:
 http://security-tracker.debian.org/tracker/TEMP-000-6B8835
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
 http://www.debian.org/security/2007/dsa-1320

Doesn't seem to the same:

This is the CVE-less issue:

clamav (0.91.2-1) unstable; urgency=low

  * New upstream version
- fix call to tolower() which led to a crash in libclamav
- fix possible NULL dereference, e.g. when parsing email with RFC2397
  URI
- fix floating point exception when using ScanOLE2
- fix possible NULL dereference in rtf.c

 -- Stephen Gran sg...@debian.org  Tue, 21 Aug 2007 11:17:01 +0100

CVE-2007-2650 was fixed in 0.90.3

So, please go ahead with requesting a CVE-2007-foo ID for it.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110801181312.GA3834@pisco.westfalen.local