Bug#871263: libmspack: CVE-2017-6419

2017-08-13 Thread Stuart Caie
On 12/08/17 20:40, Sebastian Andrzej Siewior wrote: On 2017-08-12 00:42:06 [+0100], Stuart Caie wrote: On 11/08/17 19:07, Sebastian Andrzej Siewior wrote: [0] https://security-tracker.debian.org/tracker/CVE-2017-6419 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419 [1] http

Bug#871263: libmspack: CVE-2017-6419

2017-08-12 Thread Sebastian Andrzej Siewior
On 2017-08-12 00:42:06 [+0100], Stuart Caie wrote: > On 11/08/17 19:07, Sebastian Andrzej Siewior wrote: > > > [0] https://security-tracker.debian.org/tracker/CVE-2017-6419 > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419 > > > [1] > > > https://github.com/vrtadmin/clamav-de

Bug#871263: libmspack: CVE-2017-6419

2017-08-11 Thread Stuart Caie
On 11/08/17 19:07, Sebastian Andrzej Siewior wrote: [0] https://security-tracker.debian.org/tracker/CVE-2017-6419 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419 [1] https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1 Stuart, is this enough

Bug#871263: libmspack: CVE-2017-6419

2017-08-11 Thread Sebastian Andrzej Siewior
+ Stuart On 2017-08-07 15:21:48 [+0200], Salvatore Bonaccorso wrote: > Source: libmspack > Version: 0.5-1 > Severity: grave > Tags: security upstream > > Hi, > > the following vulnerability was published for libmspack. > > CVE-2017-6419[0]: > | mspack/lzxd.c in libmspack 0.5alpha, as used in Cl

Bug#871263: libmspack: CVE-2017-6419

2017-08-07 Thread Salvatore Bonaccorso
Source: libmspack Version: 0.5-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for libmspack. CVE-2017-6419[0]: | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows | remote attackers to cause a denial of service (heap-based buffer | ove