[Secure-testing-team] Re: [Secure-testing-commits] r2660
- data/DTSA/advs
micah
micah at riseup.net
Fri Nov 4 14:07:17 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Florian Weimer wrote:
> * Micah Anderson:
>
>
>>+CVE-2005-3239
>>+
>>+ The OLE2 unpacker allows remote attackers to cause a denial of service
>>+ by sending a DOC file with an invalid property tree, triggering
>>+ an infinite recursion.
>>+
>>+ A possible denial of service has been found in
>>+ libclamav/tnef.c (IDEF1169)
>
>
> Could you fromat this in a way which makes clear that the CVE name
> only applies to the first bug?
I'm waiting for CVE assignment and buildds before releasing it. My plan
has been to make the formatting as you suggest.
micah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDa2sU9n4qXRzy1ioRAo7GAKCerYkeiV94t9AVgVVRtfh95xhcDQCeKGN3
clpuWoLxMKjRFG6L+NUBLDQ=
=c3pX
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list