> * Scott Kitterman: > > > On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <[EMAIL PROTECTED]> wrote: > > > >>Your patch looks fine. Is there a CVE yet? > > > > As of two days ago when I put the Ubuntu change together there was not. > > Oh well. At least for the other bug, there's a CVE (CVE-2008-5050). > > What about CVE-2008-1389? >
I've looked at the corresponding patch and the code to-be-patched. It seems like the version in etch(-security) is not affected, because it does not keep going if part of the parsing fails (which some versions in between apparently did). Best, Michael
pgp1QAsCbg0FE.pgp
Description: PGP signature
_______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
