[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]

Oliver Eikemeier eikemeier at fillmore-labs.com
Wed Feb 18 17:11:33 PST 2004


Jacques A. Vidrine wrote:

> On Wed, Feb 18, 2004 at 08:26:33AM -0600, Thomas T. Veldhouse wrote:
> 
>>Attached is a security alert from Gentoo pertaining to clam antivirus.
>>It seems that as of this morning, FreeBSD's ports still contain the
>>affected version.
> 
> Oliver (the discoverer of the vulnerability) is a FreeBSD developer and
> fixed the port some time ago.
> 
> See also
> <URL:http://www.vuxml.org/freebsd/74a9541d-5d6c-11d8-80e3-0020ed76ef5a.html>.

Btw, it is almost unbearable smart that they include the sequence that triggers
the bug in their mail, assuring that users that *have* the vulnerable clamd
installed never see the advisory.

It *had* a reason that I prefixed the lines with 'X'. Congratulations.

-Oliver



More information about the freebsd-ports mailing list