Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835

To: Henri Salo <henri@nerv.fi>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 1 Aug 2011 20:13:12 +0200
Message-id: <20110801181312.GA3834@pisco.westfalen.local>
In-reply-to: <20110801155038.GA21510@foo.fgeek.fi>
References: <20110801155038.GA21510@foo.fgeek.fi>

On Mon, Aug 01, 2011 at 06:50:38PM +0300, Henri Salo wrote:
> I think TEMP-0000000-6B8835 is the same as CVE-2007-2650 as seen in these links below:
> http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
> http://www.debian.org/security/2007/dsa-1320

Doesn't seem to the same:

This is the CVE-less issue:

clamav (0.91.2-1) unstable; urgency=low

  * New upstream version
    - fix call to tolower() which led to a crash in libclamav
    - fix possible NULL dereference, e.g. when parsing email with RFC2397
      URI
    - fix floating point exception when using ScanOLE2
    - fix possible NULL dereference in rtf.c

 -- Stephen Gran <sgran@debian.org>  Tue, 21 Aug 2007 11:17:01 +0100

CVE-2007-2650 was fixed in 0.90.3

So, please go ahead with requesting a CVE-2007-foo ID for it.

Cheers,
        Moritz

Reply to:

References:
- clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835
  - From: Henri Salo <henri@nerv.fi>

Prev by Date: Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835
Next by Date: syslog-ng: dos / TEMP-0000000-0999A8
Previous by thread: Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835
Next by thread: syslog-ng: dos / TEMP-0000000-0999A8
Index(es):
- Date
- Thread