VuXML entry for CVE-2008-0318 (libclamav)

看板FB_security作者時間18年前 (2008/02/13 23:50), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/4 (看更多)
--Fnm8lRGFTVS/3GuM Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Good day. Attached is the draft of the VuXML entry for the new ClamAV vulnerability. >From what I had seen and from the comments of the iDefence and ClamAV changelog, it seems that the vulnerable Petite PE module is really disabled in daily.cfg. The file has entries 'PE:0xbfff:13:23' and 'PE:0xdeff:24:25', while libclamav/dconf.h has the following: ----- #define PE_CONF_PETITE 0x100 ----- So, Petite compressor is disabled for f-levels 24 (0.92_sf) and 25 (0.92). 23 is 0.92rc2 and Petite is enabled for it and lower versions down to 13 (0.90). F-versions were extracted from libclamav/others.c, macro variable CL_FLEVEL. So I had marked only clamav >= 0.92 and < 0.92.1 as vulnerable. -- Eygene --Fnm8lRGFTVS/3GuM Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --Fnm8lRGFTVS/3GuM--
更多 rea-fbsd. 的文章
文章代碼(AID): #17in7G00 (FB_security)
更多 rea-fbsd. 的文章
文章代碼(AID): #17in7G00 (FB_security)