Date: Thu, 16 Aug 2012 11:29:01 -0400
From: Sean Amoss <ackle@...too.org>
To: oss-security@...ts.openwall.com
CC: Gentoo Linux Security Team <security@...too.org>
Subject: CVE Request: SquidClamav insufficient escaping flaws

Hi Kurt,

It appears that this has not yet received a CVE:

The upstream notification [1] shows SquidClamav 5.8 and 6.7 fix a URL
escaping issue which could lead to a daemon crash [2]. SquidClamav 5.8
also fixes escaping issues in CGI scripts [3].


References:
[1] http://squidclamav.darold.net/news.html
[2] https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00
[3] https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b
[4] https://bugs.gentoo.org/show_bug.cgi?id=428778


Thanks,
Sean

-- 
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail	  : ackle@...too.org
GnuPG ID  : E928357A
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A


