Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2650: clamav OLE2 parser DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From kevin@xxxxxxxxx 2007-06-20 22:47 EST ------- First of all it looks like all versions before 0.90.3 are affected. The upstream bug: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=466 Here's the commit that fixed it: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fole2_extract.c&rev=3078&sc=1 I don't know if this applies ok to the old 0.88.x versions. All the other vendors I see have just shipped the 0.90.3 version. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
