Bug 595318 (CVE-2010-1639)
Summary: | CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | christoph.wickert, nb, rh-bugzilla, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-04-07 22:02:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 595321, 667203 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2010-05-24 11:26:12 UTC
This issue affects the current versions of the clamav package, as shipped with Fedora releases of 11 and 12. This issue affects the current versions of the clamav package, as shipped within EPEL-4 and EPEL-5 repositories. Please fix.

This has been assigned CVE-2010-1639.

Why is this still in state ON_QA if the blocking bug was closed on August 18, 2010?

Most likely due to EPEL4 and 5 still providing clamav-0.95.1 which does not have this fix. The blocking bug probably shouldn't have been closed until EPEL was updated.

I suggest to make individual bugs for all affected releases and let this bug block all of them to avoid confusion.

We used to do that, and folks were (understandably) annoyed at the volume of bugs, so now we use one when it affects everything and get more granular if an issue affects one release and not another. It should have probably been clearer that EPEL was affected, although comment #1 did indicate that.

Created clamav tracking bugs for this issue
Affects: epel-all [bug 667203]

They should be pushed to stable, or will be soon. Please reopen if bug still exists.