
Bug 199823

Summary: app-antivirus/clamav Unspecified remote execution of arbitrary code (CVE-2007-6029)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED CANTFIX
Severity: trivial
CC: antivirus, net-mail+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B1? [upstream]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-20 21:20:13 UTC
CVE-2007-6029 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6029):
  Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers
  to execute arbitrary code via a crafted e-mail message. NOTE: this
  information is based upon a vague advisory by a vulnerability information
  sales organization that does not coordinate with vendors or release
  actionable advisories. A CVE has been assigned for tracking purposes, but
  duplicates with other CVEs are difficult to determine.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-11-20 21:24:14 UTC
Not much we can do right now, but we should keep an eye.
Comment 2 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2007-12-18 14:45:18 UTC
0.92 has been released and is in the tree - don't know if this is fixed by it though...
Comment 3 Thilo Bangert (RETIRED) (RETIRED) gentoo-dev 2008-02-12 21:18:48 UTC
0.92 is pretty much stable across the board
see also bug #207231 and
http://packages.gentoo.org/package/app-antivirus/clamav
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-02-19 01:14:49 UTC
If no one objects, I'll close this bug in 2 days. Since no one publicly stated details of the sold vulnerability, this is either a dupe of an already fixed bug, or it will be in the future.
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-03-22 16:31:30 UTC
closing.