libclamav petite.c denial of sevice issue
Bug #249316 reported by
Scott Kitterman
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
clamav (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Dapper |
Fix Released
|
Medium
|
Michael Casadevall | ||
Feisty |
Fix Released
|
Medium
|
Michael Casadevall | ||
Gutsy |
Fix Released
|
Medium
|
Michael Casadevall | ||
Hardy |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: clamav
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.
CVE-2008-2713[0]:
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
| cause a denial of service via a crafted Petite file that triggers an
| out-of-bounds read.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
The DTSA released for this issue seems to have been incomplete. Please
see this mail[1] and the additional upstream commit[2].
Cheers
Steffen
For further information see:
[0] http://
http://
Changed in clamav: | |
importance: | Undecided → Medium |
status: | New → Fix Released |
importance: | Undecided → Medium |
status: | New → Confirmed |
importance: | Undecided → Medium |
status: | New → Confirmed |
importance: | Undecided → Medium |
status: | New → Confirmed |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in clamav: | |
status: | Confirmed → In Progress |
status: | Confirmed → In Progress |
status: | Confirmed → In Progress |
status: | Triaged → In Progress |
Changed in clamav: | |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
Changed in clamav: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Hello, what does the Fix Released status indicate, that the fixed version is in Intrepid? Thanks for clarifying!