Preparing an advisory for new clamav issues

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2660 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Micah Anderson <micah@debian.org> 2005-11-04 03:16:46 +0000
committer: Micah Anderson <micah@debian.org> 2005-11-04 03:16:46 +0000
commit: 559d8c9d82a9d152dec1313548cfe36957aeceea (patch)
tree: dee4abc0d447522db29bb1f3096cb349eb060193 /data/DTSA/advs
parent: 3f3b1506a0aeb5e913f76373c105a5b9aae34232 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/data/DTSA/advs/21-clamav.adv b/data/DTSA/advs/21-clamav.adv
new file mode 100644
index 0000000000..381fe1d54d
--- /dev/null
+++ b/data/DTSA/advs/21-clamav.adv
@@ -0,0 +1,28 @@
+source: clamav
+date: November 3rd, 2005
+author: Micah Anderson
+vuln-type: Denial of service
+problem-scope: remote
+debian-specific: no
+cve: CVE-2005-3239
+testing-fix: 0.87.1-0etch.1
+sid-fix: 0.87.1
+upgrade: apt-get upgrade
+
+
+Multiple security holes were found in clamav:
+
+CVE-2005-3239
+
+  The OLE2 unpacker allows remote attackers to cause a denial of service 
+  by sending a DOC file with an invalid property tree, triggering 
+  an infinite recursion.
+
+  A possible denial of service has been found in 
+  libclamav/tnef.c (IDEF1169)
+
+  A possible debian of service has been found in
+  libclamav/mspack/cabd.c (IDEF1180)
+
+  Buffer size calculation could be by-passed due to a vulnerability 
+  in libclamav/fsg.c (ZDI-CAN-004)
author	Micah Anderson <micah@debian.org>	2005-11-04 03:16:46 +0000
committer	Micah Anderson <micah@debian.org>	2005-11-04 03:16:46 +0000
commit	559d8c9d82a9d152dec1313548cfe36957aeceea (patch)
tree	dee4abc0d447522db29bb1f3096cb349eb060193 /data/DTSA/advs
parent	3f3b1506a0aeb5e913f76373c105a5b9aae34232 (diff)