Michael Tautschnig wrote: >> * Scott Kitterman: >> >> >>> On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <[EMAIL PROTECTED]> wrote: >>> >>> >>>> Your patch looks fine. Is there a CVE yet? >>>> >>> As of two days ago when I put the Ubuntu change together there was not. >>> >> Oh well. At least for the other bug, there's a CVE (CVE-2008-5050). >> >> What about CVE-2008-1389? >> >> > > I've looked at the corresponding patch and the code to-be-patched. It seems > like > the version in etch(-security) is not affected, because it does not keep going > if part of the parsing fails (which some versions in between apparently did). > > Best, > Michael > > > ------------------------------------------------------------------------ > > _______________________________________________ > Pkg-clamav-devel mailing list > [email protected] > http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel >
I;ve tested the 0.92.1 Ubuntu version with this : http://int21.de/cve/CVE-2008-1389-clamav-chd.html and is not vulnerable .. Leonel _______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
