Date: Thu, 4 Sep 2008 12:44:44 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: request for CVE: clamav 0.94 release On Wed, 3 Sep 2008, Marcus Meissner wrote: > The full changelog has those apparent security related entries: > * fix out-of-memory null dereferenc (bb#1141) Use CVE-2008-3912, to be filled in later. I have mixed opinions on out-of-memory null dereferences, though in security software it seems reasonable to flag it. > * fix possible invalid memory access (bb#1089) CVE-2008-1389 as mentioned by Hanno. > * fix error path memleaks and fd leaks (bb#1141) Use CVE-2008-3913 for the memory leak. Use CVE-2008-3914 for the fd leak. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ