View | Details | Raw Unified | Return to bug 236816

(-)vuln.xml (+42 lines)
Lines 58-63 Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="e28e3e9d-501a-11e9-8bda-9c5c8e75236a">
62
    <topic>clamav -- multiple vulnerabilities</topic>
63
    <affects>
64
      <package>
65
	<name>clamav</name>
66
	<range><lt>0.101.2,1</lt></range>
67
      </package>
68
      <package>
69
	<name>clamav-milter</name>
70
	<range><lt>0.101.2,1</lt></range>
71
      </package>
72
    </affects>
73
    <description>
74
      <body xmlns="http://www.w3.org/1999/xhtml">
75
	<p>Micah Snyder reports:</p>
76
	<blockquote cite="https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html">
77
	  <ul>
78
	    <li>CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. Issue reported by aCaB.</li>
79
	    <li>CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking</li>
80
	    <li>CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.</li>
81
	    <li>CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.</li>
82
	    <li>CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.</li>
83
	    <li>CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. Issue reported by David L.</li>
84
	  </ul>
85
	</blockquote>
86
      </body>
87
    </description>
88
    <references>
89
      <url>https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html</url>
90
      <cvename>CVE-2019-1785</cvename>
91
      <cvename>CVE-2019-1786</cvename>
92
      <cvename>CVE-2019-1787</cvename>
93
      <cvename>CVE-2019-1788</cvename>
94
      <cvename>CVE-2019-1789</cvename>
95
      <cvename>CVE-2019-1798</cvename>
96
    </references>
97
    <dates>
98
      <discovery>2019-03-26</discovery>
99
      <entry>2019-03-26</entry>
100
    </dates>
101
  </vuln>
102
61
  <vuln vid="d74371d2-4fee-11e9-a5cd-1df8a848de3d">
103
  <vuln vid="d74371d2-4fee-11e9-a5cd-1df8a848de3d">
62
    <topic>Python -- NULL pointer dereference vulnerability</topic>
104
    <topic>Python -- NULL pointer dereference vulnerability</topic>
63
    <affects>
105
    <affects>
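Review bot: In the `<affects>` block both packages use `<range><lt>0.101.2,1</lt></range>`, so the match depends on the port's PORTEPOCH being 1; please confirm that against the port Makefile. Following the reminder about port variants in the header comment, also check whether any other package built from the same source needs its own `<package>` entry next to clamav and clamav-milter. The `<li>` items in the blockquote are each one very long line and would be easier to review and diff if wrapped, and the CVE-2019-1786 item ends without a period, which is worth fixing unless it matches the quoted upstream text exactly. `<discovery>` and `<entry>` are both 2019-03-26; if the upstream post cited in `<url>` was published on an earlier date, `<discovery>` should carry that date instead.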
