Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=76cefd285f6453a487846717f1af61e1112fe488
commit 76cefd285f6453a487846717f1af61e1112fe488 Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Sun Mar 9 00:14:12 2008 +0100 FSA376-clamav diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 2d1ec98..f39895b 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,21 @@ <fsas> <fsa> + <id>376</id> + <date>2008-03-09</date> + <author>vmiklos</author> + <package>clamav</package> + <vulnerable>0.91.2-2sayshell1</vulnerable> + <unaffected>0.92.1-1sayshell1</unaffected> + <bts>http://bugs.frugalware.org/task/2771</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0728</cve> + <desc>Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. + 1) An integer overflow error within the "cli_scanpe()" function in libclamav/pe.c can be exploited to cause a heap-based buffer overflow via a specially crafted PE file. + 2) An error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory. + Successful exploitation may allow execution of arbitrary code.</desc> + </fsa> + <fsa> <id>375</id> <date>2008-03-09</date> <author>vmiklos</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
