Re: clamav: floating point exception in OLE2 scanner DoS / TEMP-0000000-6B8835
On Mon, Aug 01, 2011 at 06:50:38PM +0300, Henri Salo wrote:
> I think TEMP-0000000-6B8835 is the same as CVE-2007-2650 as seen in these links below:
> http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
> http://www.debian.org/security/2007/dsa-1320
Doesn't seem to the same:
This is the CVE-less issue:
clamav (0.91.2-1) unstable; urgency=low
* New upstream version
- fix call to tolower() which led to a crash in libclamav
- fix possible NULL dereference, e.g. when parsing email with RFC2397
URI
- fix floating point exception when using ScanOLE2
- fix possible NULL dereference in rtf.c
-- Stephen Gran <sgran@debian.org> Tue, 21 Aug 2007 11:17:01 +0100
CVE-2007-2650 was fixed in 0.90.3
So, please go ahead with requesting a CVE-2007-foo ID for it.
Cheers,
Moritz
Reply to: