Nope. This isn't a vulnerability, just a false negative.
On Sat, Feb 22, 2014 at 4:46 PM, Brandon Perry <[email protected]>wrote: > Hey guys, > > Is this going to need a CVE? I can forward the info onto oss-sec list > and get a CVE assigned. > > > On 02/17/2014 08:12 AM, Matt Olney wrote: > > Thanks, Bradon. We'll review this. > > > > > > On Sun, Feb 16, 2014 at 7:29 PM, Brandon Perry < > [email protected]>wrote: > > > >> Hi, > >> > >> Not sure if this person is using an old version of ClamAV and I haven't > >> attempted this, but he alleges he has found a way to bypass gzip'ed > >> tarballs by modifying a specific byte within the headers. > >> > >> > >> http://www.exploit-db.com/wp-content/themes/exploit/docs/31685.pdf > >> > >> Hope this is the correct place to report this. > >> _______________________________________________ > >> http://lurker.clamav.net/list/clamav-devel.html > >> Please submit your patches to our Bugzilla: http://bugs.clamav.net > >> > > _______________________________________________ > > http://lurker.clamav.net/list/clamav-devel.html > > Please submit your patches to our Bugzilla: http://bugs.clamav.net > > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
