I agree, they are quite old; I'm mostly curious for posterity's sake. It seems 
strange that there are two separate CVEs with very little detail. The fix commit is 
public, looks to be an out-of-bounds read, just wanted to know if these two 
CVEs should be considered as related to the same underlying vulnerability, and 
if not, what the distinguishing factors were.

On 7/7/18, 12:02 PM, "Matus UHLAR - fantomas" <uh...@fantomas.sk> wrote:

    On 06.07.18 15:48, Garrett Van Dyk wrote:
    >I'm trying to get specific details on these two CVEs: CVE-2010-4260 (
    >https://bugzilla.clamav.net/show_bug.cgi?id=2358 and
    >https://bugzilla.clamav.net/show_bug.cgi?id=2396) and CVE-2010-4479 (
    >https://bugzilla.clamav.net/show_bug.cgi?id=2380). I don't have permissions
    >to view these bugs in Bugzilla.  The issues appear to have been fixed in
    >the same commit (
    >https://github.com/Cisco-Talos/clamav-devel/commit/019f1955194360600ecf0644959ceca6734c2d7b)
    >but this doesn't provide detail on which bug applies to which fix, or the
    >nature of the bugs themselves.  Any help on differentiating these
    >vulnerabilities would be appreciated.
    
    those bugs are apparently security vulnerabilities in clamav, and as such
    they are kept private.
    
    why are you trying to get details on them?
    
    Yes, they might be revealed, finally they are some 8 years old...
    -- 
    Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Warning: I do NOT want to receive any advertising mail at this address.
    Due to unexpected conditions Windows 2000 will be released
    in first quarter of year 1901
    
    


_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
