This one time, at band camp, Steffen Joeris said: > Package: clamav > Severity: important > Tags: security
I have no idea at present if those are correct, see below. > Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote > attackers to execute arbitrary code via a crafted e-mail message. NOTE: > this information is based upon a vague advisory by a vulnerability > information sales organization that does not coordinate with vendors or > release actionable advisories. A CVE has been assigned for tracking > purposes, but duplicates with other CVEs are difficult to determine. The 'vulnerability information sales organization' is offering to sell an advisory for 500 euros. To my knowledge, no one in the upstream team or mitre has taken them up on it (as we shouldn't, I think). Until details about this vulnerability are released in a normal manner instead of hiding them behind a profit motive, I'm not all that inclined to take it seriously. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
