Date: Thu, 16 Aug 2012 11:29:01 -0400 From: Sean Amoss <ackle@...too.org> To: oss-security@...ts.openwall.com CC: Gentoo Linux Security Team <security@...too.org> Subject: CVE Request: SquidClamav insufficient escaping flaws Hi Kurt, It appears that this has not yet received a CVE: The upstream notification  shows SquidClamav 5.8 and 6.7 fixes a URL escaping issue which could lead to a daemon crash . SquidClamav 5.8 also fixes escaping issues in CGI scripts . References:  http://squidclamav.darold.net/news.html  https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00  https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b  https://bugs.gentoo.org/show_bug.cgi?id=428778 Thanks, Sean -- Sean Amoss Gentoo Security | GLSA Coordinator E-Mail : ackle@...too.org GnuPG ID : E928357A GnuPG FP : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ