Date: Thu, 16 Aug 2012 11:29:01 -0400
From: Sean Amoss <ackle@...too.org>
To: oss-security@...ts.openwall.com
CC: Gentoo Linux Security Team <security@...too.org>
Subject: CVE Request: SquidClamav insufficient escaping flaws

Hi Kurt,

It appears that this has not yet received a CVE:

The upstream notification [1] shows SquidClamav 5.8 and 6.7 fix a URL
escaping issue which could lead to a daemon crash [2]. SquidClamav 5.8
also fixes escaping issues in CGI scripts [3].


References:
[1] http://squidclamav.darold.net/news.html
[2] https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00
[3] https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b
[4] https://bugs.gentoo.org/show_bug.cgi?id=428778


Thanks,
Sean

-- 
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail	  : ackle@...too.org
GnuPG ID  : E928357A
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A


