Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 28 Mar 2012 23:05:03 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: clamav floating point exception in
 OLE2 scanner DoS (2007)

On 03/28/2012 12:51 AM, Henri Salo wrote:
> Can I get 2007 CVE-identifier for "fix floating point exception when using ScanOLE2" vulnerability:
> 
> clamav (0.91.2-1) unstable; urgency=low
> 
>   * New upstream version
>     - fix call to tolower() which led to a crash in libclamav
>     - fix possible NULL dereference, e.g. when parsing email with RFC2397
>       URI
>     - fix floating point exception when using ScanOLE2
>     - fix possible NULL dereference in rtf.c
> 
>  -- Stephen Gran <sgran@...ian.org>  Tue, 21 Aug 2007 11:17:01 +0100
> 
> Different issue than CVE-2007-2650, which was fixed in 0.90.3
> 
> http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835
> 
> Other issues have CVEs: CVE-2007-4510, CVE-2007-4560. I requested this CVE-identifier before, but it did not get assigned.
> 
> - Henri Salo

Please use CVE-2007-6745 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.