Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Aug 2012 10:55:15 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Sean Amoss <ackle@...too.org>,
        Gentoo Linux Security Team <security@...too.org>
Subject: Re: CVE Request: SquidClamav insufficient escaping
 flaws

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/16/2012 09:29 AM, Sean Amoss wrote:
> Hi Kurt,
> 
> It appears that this has not yet received a CVE:
> 
> The upstream notification [1] shows SquidClamav 5.8 and 6.7 fixes a
> URL escaping issue which could lead to a daemon crash [2].
> SquidClamav 5.8 also fixes escaping issues in CGI scripts [3].
> 
> 
> References: [1] http://squidclamav.darold.net/news.html [2]
> https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00
>
> 
[3]
https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b
> [4] https://bugs.gentoo.org/show_bug.cgi?id=428778
> 
> 
> Thanks, Sean

Please use CVE-2012-3501 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQLSXzAAoJEBYNRVNeJnmT3VIP/1l8Bg2kMnBaK7E5VBLhOmgk
/DH9iFX8XWOCiOSqBdOUn3dvcubStSwXQD00rNiTFa2fgi7OJW0VAv0OdNkqrh9D
iMw6nFkNuXLdRxvqB8G7p0yAjmVdQbRG7mFbtdoFNDnNdkxzDLHvrLPCoPariCeR
hLlWmFo4UxU++8hjLpNYKSK2orirVPuMr73xRKnbGXlbwR/po3QprFt52OgiLFy/
GfYrOZFOe8S9ikW0AucifibBEDoWyURFRfGt9oeDgmUz/gQRdrfCdpdCcOsb1EKo
mZOX5TXWjTTMCdZGyKcV0qB1+aS3JbTVRONbzs3W6KHYKbpVVucQvFxP9zB/vVLy
97VPHS1+QyUqh+rdAO7+Xi6344tkAQUt4Pmhru9weihZmCZK/D+Kdxv7KUa/pfm/
mbyDq7Y8apwt2mmFtuUp1Evt9A8lyoMfl6pMSlxgUVAgUjiM00Slqwp2B+wiqnuf
mkO49YrFwgF6xu8Ecqgpp5hbFHu/gse7HE1aQXBUELGTPUwr2y6PcF07bVAtH6yo
VO6DvSEPWHDM5MgGHC2Fim7V2epqOzMF8MNxW8y2i+N03i1LKQQc4yKXNZuD2PLA
EBD6Q2WvVv/BbbLmsSepSU5eLemWn8JhxT9H+w85hQxJuXlJhv8j/kE2+rwRW/nK
Kf4DL7TdjS8kSymNrLAk
=lEcD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ