[Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
bugzilla at redhat.com
bugzilla at redhat.com
Thu Jun 21 02:47:32 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395
------- Additional Comments From kevin at tummy.com 2007-06-20 22:47 EST -------
First of all it looks like all versions before 0.90.3 are affected.
The upstream bug:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=466
Here's the commit that fixed it:
http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fole2_extract.c&rev=3078&sc=1
I don't know if this applies ok to the old 0.88.x versions.
All the other vendors I see have just shipped the 0.90.3 version.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list