Date: Thu, 16 Aug 2012 11:29:01 -0400 From: Sean Amoss <ackle@...too.org> To: oss-security@...ts.openwall.com CC: Gentoo Linux Security Team <security@...too.org> Subject: CVE Request: SquidClamav insufficient escaping flaws Hi Kurt, It appears that this has not yet received a CVE: The upstream notification  shows SquidClamav 5.8 and 6.7 fixes a URL escaping issue which could lead to a daemon crash . SquidClamav 5.8 also fixes escaping issues in CGI scripts . References:  http://squidclamav.darold.net/news.html  https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00  https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b  https://bugs.gentoo.org/show_bug.cgi?id=428778 Thanks, Sean -- Sean Amoss Gentoo Security | GLSA Coordinator E-Mail : ackle@...too.org GnuPG ID : E928357A GnuPG FP : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A Download attachment "signature.asc" of type "application/pgp-signature" (295 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.