Updated advisory with CVE numbers and descriptions

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@2669 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 19 insertions, 8 deletions

diff --git a/data/DTSA/advs/21-clamav.adv b/data/DTSA/advs/21-clamav.adv
index 381fe1d54d..fdbc443a41 100644
--- a/data/DTSA/advs/21-clamav.adv
+++ b/data/DTSA/advs/21-clamav.adv
@@ -1,10 +1,10 @@
 source: clamav
 date: November 3rd, 2005
 author: Micah Anderson
-vuln-type: Denial of service
+vuln-type: Denial of service vulnerabilities and buffer overflow
 problem-scope: remote
 debian-specific: no
-cve: CVE-2005-3239
+cve: CVE-2005-3239 CVE-2005-3500 CVE-2005-3501 CVE-2005-3303
 testing-fix: 0.87.1-0etch.1
 sid-fix: 0.87.1
 upgrade: apt-get upgrade
@@ -18,11 +18,22 @@ CVE-2005-3239
   by sending a DOC file with an invalid property tree, triggering 
   an infinite recursion.
 
-  A possible denial of service has been found in 
-  libclamav/tnef.c (IDEF1169)
+CVE-2005-3500
 
-  A possible debian of service has been found in
-  libclamav/mspack/cabd.c (IDEF1180)
+  The tnef_attachment function in Clam AntiVirus before 0.87.1
+  allows remote attackers to cause a denial of service, through
+  an infinate loop and memory exhaustion, by crafting a CAB file
+  with a value that causes ClamAV to repeatedly scan the same block
 
-  Buffer size calculation could be by-passed due to a vulnerability 
-  in libclamav/fsg.c (ZDI-CAN-004)
+CVE-2005-3501
+
+  The cabd_find function in of the libmspack library in Clam AntiVirus
+  before 0.87.1 allows remote attackers to cause a denial of service
+  via a crafted CAB file that causes cabd_find to be called with a zero
+  length.
+
+CVE-2005-3303
+
+  The FSB unpacker in Clam AntiVirus 0.80 through 0.87 allows
+  remote attackers to cause memory corruption and execute arbitrary
+  code via a crafted FSG 1.33 file.