Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 17 Jun 2008 11:55:10 +0300
From: Eren Türkay <turkay.eren@...il.com>
To: oss-security@...ts.openwall.com
Cc: edwin@...mav.net
Subject: Re: CVE id request: Clamav

On 17 Jun 2008 Tue 10:38:13 Eren Türkay wrote:
>   * libclamav/mbox.c, shared/network.c: prevent uninitialized use of
> hostent structure (bb #1003).
>
> The bug entry says that after zip file's arriving at clamd, it suddenly
> dies and nothing can be retrieved thereafter. Clamav developer also
> comfirms that this happens when MailFollowURLs is enabled.

Hello,

I talked to Edwin on #clamav channel. He says this is a rare-case and he 
thinks that it's a vulnerability rather than a security flaw.

Edwin, could you please inform us about important vulnerabilities/security 
flaws fixed in 0.93.1?

My best regards,
Eren

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux