clamav: recursive stack overflow in jpeg parsing code

Related Vulnerabilities: CVE-2008-5050, CVE-2008-5314

Debian Bug report logs - #507624


Reported by: "Michael Gilbert" <michael.s.gilbert@gmail.com>

Date: Wed, 3 Dec 2008 02:06:01 UTC

Severity: grave

Tags: fixed-upstream, security

Found in versions clamav/0.90.1dfsg-4etch45, clamav/0.94.dfsg-1

Fixed in versions clamav/0.94.dfsg.2-1, clamav/0.90.1dfsg-4etch46

Done: Stephen Gran <sgran@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#507624; Package clamav. (Wed, 03 Dec 2008 02:06:03 GMT).


Acknowledgement sent to "Michael Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>.

Your message had a Version: pseudo-header with an invalid package version:

0.90.1dfsg-4etch45 , 0.94.dfsg-1 , 0.94.dfsg.2-1

please either use found or fixed to the control server with a correct version, or reply to this report indicating the correct version so the maintainer (or someone else) can correct it for you.

(Wed, 03 Dec 2008 02:06:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: "Michael Gilbert" <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: clamav: recursive stack overflow in jpeg parsing code
Date: Tue, 2 Dec 2008 21:04:33 -0500
Package: clamav
Version: 0.90.1dfsg-4etch45 , 0.94.dfsg-1 , 0.94.dfsg.2-1
Severity: grave
Tags: security
Justification: user security hole

ubuntu recently issued a security notice for clamav [1] that fixes a
recursive stack overflow problem in the jpeg parsing code.  there is no CVE
id at this point, and the problem is already fixed upstream in clamav
version 0.94.2.  further details can be found in the ubuntu bug log [2].
they issued fixes insanely fast on this one (within twenty-seven hours of the
initial report) -- very commendable.

thanks for working to keep debian secure.

[1] http://www.ubuntu.com/usn/usn-684-1
[2] https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/304017




Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#507624; Package clamav. (Wed, 03 Dec 2008 02:18:04 GMT).


Acknowledgement sent to "Michael Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Wed, 03 Dec 2008 02:18:04 GMT).


Message #10 received at 507624@bugs.debian.org:

From: "Michael Gilbert" <michael.s.gilbert@gmail.com>
To: 507624@bugs.debian.org, control@bugs.debian.org
Date: Tue, 2 Dec 2008 21:15:11 -0500
tag 507624 fixed-upstream
found 0.90.1dfsg-4etch45
found 0.94.dfsg-1
found 0.94.dfsg.2-1
thank you




Tags added: fixed-upstream Request was from "Michael Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Wed, 03 Dec 2008 02:18:06 GMT).


Bug marked as found in version 0.90.1dfsg-4etch45. Request was from "Michael Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Wed, 03 Dec 2008 02:21:02 GMT).


Bug marked as found in version 0.94.dfsg-1. Request was from "Michael Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Wed, 03 Dec 2008 02:21:02 GMT).


Bug marked as found in version 0.94.dfsg.2-1. Request was from "Michael Gilbert" <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Wed, 03 Dec 2008 02:21:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#507624; Package clamav. (Wed, 03 Dec 2008 03:06:03 GMT).


Acknowledgement sent to Scott Kitterman <scott@kitterman.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Wed, 03 Dec 2008 03:06:03 GMT).


Message #23 received at 507624@bugs.debian.org:

From: Scott Kitterman <scott@kitterman.com>
To: pkg-clamav-devel@lists.alioth.debian.org, Michael Gilbert <michael.s.gilbert@gmail.com>, 507624@bugs.debian.org
Subject: Re: [Pkg-clamav-devel] Bug#507624: clamav: recursive stack overflow in jpeg parsing code
Date: Tue, 2 Dec 2008 22:00:22 -0500
The fix is in trunk/libclamav/special.c in the clamav svn.  Look at the diff
between revs 4291 and 4483.




Bug no longer marked as found in version 0.94.dfsg.2-1. Request was from Michael Tautschnig <mt@debian.org> to control@bugs.debian.org. (Wed, 03 Dec 2008 04:18:02 GMT).


Bug marked as fixed in version 0.94.dfsg.2-1. Request was from Michael Tautschnig <mt@debian.org> to control@bugs.debian.org. (Wed, 03 Dec 2008 04:18:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#507624; Package clamav. (Wed, 03 Dec 2008 05:06:02 GMT).


Acknowledgement sent to "Leonel Nunez" <listas@enelserver.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Wed, 03 Dec 2008 05:06:02 GMT).


Message #32 received at 507624@bugs.debian.org:

From: "Leonel Nunez" <listas@enelserver.com>
To: "Scott Kitterman" <scott@kitterman.com>
Cc: pkg-clamav-devel@lists.alioth.debian.org, "Michael Gilbert" <michael.s.gilbert@gmail.com>, 507624@bugs.debian.org
Subject: Re: [Pkg-clamav-devel] Bug#507624: clamav: recursive stack overflow in jpeg parsing code
Date: Tue, 2 Dec 2008 21:55:35 -0700 (MST)
> The fix is in trunk/libclamav/special.c in the clamav svn.  Look at the
> diff between revs 4291 and 4483.


I guess there are more changes, since special.c makes reference to 2
variables.

One, for example, is:

maxreclevel is now in the cl_engine struct and was in cl_limits in clamav.h

and in :
http://svn.clamav.net/websvn/listing.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2F&rev=4483&sc=1

There's no mention about that change

Leonel






Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#507624; Package clamav. (Wed, 03 Dec 2008 06:42:02 GMT).


Acknowledgement sent to Michael Tautschnig <mt@debian.org>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Wed, 03 Dec 2008 06:42:02 GMT).


Message #37 received at 507624@bugs.debian.org:

From: Michael Tautschnig <mt@debian.org>
To: control@bugs.debian.org, 507624@bugs.debian.org
Subject: Fix prepared
Date: Tue, 2 Dec 2008 22:37:48 -0800
tag 507624 + pending
thanks

A patch for this bug has been prepared and is sitting in our git repo, ready to
get uploaded once we get approval.

Best,
Michael

Tags added: pending Request was from Michael Tautschnig <mt@debian.org> to control@bugs.debian.org. (Wed, 03 Dec 2008 06:42:03 GMT).


Reply sent to Stephen Gran <sgran@debian.org>:
You have taken responsibility. (Fri, 05 Dec 2008 20:00:17 GMT).


Notification sent to "Michael Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Fri, 05 Dec 2008 20:00:17 GMT).


Message #44 received at 507624-close@bugs.debian.org:

From: Stephen Gran <sgran@debian.org>
To: 507624-close@bugs.debian.org
Subject: Bug#507624: fixed in clamav 0.90.1dfsg-4etch46
Date: Fri, 05 Dec 2008 19:52:40 +0000
Source: clamav
Source-Version: 0.90.1dfsg-4etch46

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.90.1dfsg-4etch46_all.deb
  to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch46_all.deb
clamav-daemon_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch46_amd64.deb
clamav-dbg_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch46_amd64.deb
clamav-docs_0.90.1dfsg-4etch46_all.deb
  to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch46_all.deb
clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb
clamav-milter_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch46_amd64.deb
clamav-testfiles_0.90.1dfsg-4etch46_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch46_all.deb
clamav_0.90.1dfsg-4etch46.diff.gz
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46.diff.gz
clamav_0.90.1dfsg-4etch46.dsc
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46.dsc
clamav_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46_amd64.deb
libclamav-dev_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch46_amd64.deb
libclamav2_0.90.1dfsg-4etch46_amd64.deb
  to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch46_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507624@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran <sgran@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 03 Dec 2008 11:08:39 -0800
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs
Architecture: source amd64 all
Version: 0.90.1dfsg-4etch46
Distribution: stable-security
Urgency: high
Maintainer: Stephen Gran <sgran@debian.org>
Changed-By: Stephen Gran <sgran@debian.org>
Description: 
 clamav     - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav2 - virus scanner library
Closes: 505134 507624
Changes: 
 clamav (0.90.1dfsg-4etch46) stable-security; urgency=high
 .
   * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
     (Closes: #505134)
   * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in
     cli_check_jpeg_exploit() (Closes: #507624)





Reply sent to Stephen Gran <sgran@debian.org>:
You have taken responsibility. (Wed, 17 Dec 2008 21:19:50 GMT).


Notification sent to "Michael Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 17 Dec 2008 21:19:51 GMT).


Message #49 received at 507624-close@bugs.debian.org:

From: Stephen Gran <sgran@debian.org>
To: 507624-close@bugs.debian.org
Subject: Bug#507624: fixed in clamav 0.90.1dfsg-4etch46
Date: Wed, 17 Dec 2008 21:02:51 +0000
Source: clamav
Source-Version: 0.90.1dfsg-4etch46






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Jan 2009 07:27:06 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:20:15 2019; Machine Name: buxtehude
