Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

clamav: CVE-2014-9050: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file

Related Vulnerabilities: CVE-2014-9050  

Source

Debian Bug report logs - #770985
clamav: CVE-2014-9050: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file

version graph

Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav (PTS, buildd, popcon).

Reported by: Ralf Hildebrandt <ralf.hildebrandt@charite.de>

Date: Tue, 25 Nov 2014 18:21:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions clamav/0.97.8+dfsg-1, clamav/0.98.1+dfsg-1+deb6u3, clamav/0.98.1+dfsg-1

Fixed in versions clamav/0.98.5+dfsg-0+deb7u1, clamav/0.98.5+dfsg-1, clamav/0.98.1+dfsg-1+deb6u4

Done: Evgeni Golov <evgeni.golov@credativ.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#770985; Package clamav. (Tue, 25 Nov 2014 18:21:07 GMT) (full text, mbox, link).

Acknowledgement sent to Ralf Hildebrandt <ralf.hildebrandt@charite.de>:
New Bug report received and forwarded. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Tue, 25 Nov 2014 18:21:07 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ralf Hildebrandt <ralf.hildebrandt@charite.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Date: Tue, 25 Nov 2014 19:07:30 +0100
Package: clamav
Version: 0.98.1+dfsg-1+deb6u3
Severity: important

Dear Maintainer,

A heap buffer overflow was reported in [1] in ClamAV when scanning a
specially crafted y0da Crypter obfuscated PE file.
Note that this is remotely exploitable when ClamAV is used as a mail
gateway scanner.

Upstream fix is available here: [2].
ClamAV 0.98.5 contains the above fix.

Additional references:
[1] https://bugzilla.clamav.net/show_bug.cgi?id=11155
[2] https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e

-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-24-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Added tag(s) upstream, security, and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2014 18:39:17 GMT) (full text, mbox, link).

Marked as found in versions clamav/0.98.1+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2014 18:39:19 GMT) (full text, mbox, link).

Marked as fixed in versions clamav/0.98.5+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2014 18:39:20 GMT) (full text, mbox, link).

Changed Bug title to 'clamav: CVE-2014-9050: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file' from 'clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2014 18:42:09 GMT) (full text, mbox, link).

Marked as found in versions clamav/0.97.8+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 25 Nov 2014 18:42:14 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#770985; Package clamav. (Tue, 25 Nov 2014 21:21:15 GMT) (full text, mbox, link).

Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Tue, 25 Nov 2014 21:21:15 GMT) (full text, mbox, link).

Message #20 received at 770985@bugs.debian.org (full text, mbox, reply):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Ralf Hildebrandt <ralf.hildebrandt@charite.de>, 770985@bugs.debian.org
Subject: Re: [Pkg-clamav-devel] Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Date: Tue, 25 Nov 2014 22:18:21 +0100
On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> Version: 0.98.1+dfsg-1+deb6u3

> A heap buffer overflow was reported in [1] in ClamAV when scanning a
> specially crafted y0da Crypter obfuscated PE file.
> Note that this is remotely exploitable when ClamAV is used as a mail
> gateway scanner.

we are aware of the situtation, a stable upload is already waiting. Please
note that there won't be an update for Squeeze unless the LTS team does so.

Sebastian

Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#770985; Package clamav. (Tue, 25 Nov 2014 21:30:18 GMT) (full text, mbox, link).

Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Tue, 25 Nov 2014 21:30:18 GMT) (full text, mbox, link).

Message #25 received at 770985@bugs.debian.org (full text, mbox, reply):

From: Scott Kitterman <debian@kitterman.com>
To: 770985@bugs.debian.org, Ralf Hildebrandt <ralf.hildebrandt@charite.de>
Subject: Re: [Pkg-clamav-devel] Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Date: Tue, 25 Nov 2014 16:30:43 -0500
On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > Version: 0.98.1+dfsg-1+deb6u3
> > 
> > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > specially crafted y0da Crypter obfuscated PE file.
> > Note that this is remotely exploitable when ClamAV is used as a mail
> > gateway scanner.
> 
> we are aware of the situtation, a stable upload is already waiting. Please
> note that there won't be an update for Squeeze unless the LTS team does so.

I did add clamav to the list of packages needing an update for the LTS (and 
libclamunrar too), so the LTS team is aware of it.

Scott K

Marked as fixed in versions clamav/0.98.5+dfsg-0+deb7u1. Request was from Sebastian Andrzej Siewior <sebastian@breakpoint.cc> to control@bugs.debian.org. (Tue, 25 Nov 2014 22:27:15 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#770985; Package clamav. (Thu, 27 Nov 2014 08:39:08 GMT) (full text, mbox, link).

Acknowledgement sent to Evgeni Golov <evgeni.golov@credativ.de>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Thu, 27 Nov 2014 08:39:08 GMT) (full text, mbox, link).

Message #32 received at 770985@bugs.debian.org (full text, mbox, reply):

From: Evgeni Golov <evgeni.golov@credativ.de>
To: Scott Kitterman <debian@kitterman.com>, 770985@bugs.debian.org
Cc: Ralf Hildebrandt <ralf.hildebrandt@charite.de>
Subject: Re: Bug#770985: [Pkg-clamav-devel] Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Date: Thu, 27 Nov 2014 09:38:08 +0100
On Tue, Nov 25, 2014 at 04:30:43PM -0500, Scott Kitterman wrote:
> On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > > Version: 0.98.1+dfsg-1+deb6u3
> > > 
> > > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > > specially crafted y0da Crypter obfuscated PE file.
> > > Note that this is remotely exploitable when ClamAV is used as a mail
> > > gateway scanner.
> > 
> > we are aware of the situtation, a stable upload is already waiting. Please
> > note that there won't be an update for Squeeze unless the LTS team does so.
> 
> I did add clamav to the list of packages needing an update for the LTS (and 
> libclamunrar too), so the LTS team is aware of it.

Thanks, working on the clamav one now for LTS.

Upstreams patch applies just fine on the version in Squeeze, so I guess 
it would be better to apply it, instead of pulling in the new upstream?

Greets
Evgeni

Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#770985; Package clamav. (Thu, 27 Nov 2014 09:36:09 GMT) (full text, mbox, link).

Acknowledgement sent to Evgeni Golov <evgeni.golov@credativ.de>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Thu, 27 Nov 2014 09:36:09 GMT) (full text, mbox, link).

Message #37 received at 770985@bugs.debian.org (full text, mbox, reply):

From: Evgeni Golov <evgeni.golov@credativ.de>
To: 770985@bugs.debian.org
Cc: Scott Kitterman <debian@kitterman.com>, Ralf Hildebrandt <ralf.hildebrandt@charite.de>
Subject: Re: Bug#770985: [Pkg-clamav-devel] Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Date: Thu, 27 Nov 2014 10:32:29 +0100
On Thu, Nov 27, 2014 at 09:38:08AM +0100, Evgeni Golov wrote:
> On Tue, Nov 25, 2014 at 04:30:43PM -0500, Scott Kitterman wrote:
> > On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> > > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > > > Version: 0.98.1+dfsg-1+deb6u3
> > > > 
> > > > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > > > specially crafted y0da Crypter obfuscated PE file.
> > > > Note that this is remotely exploitable when ClamAV is used as a mail
> > > > gateway scanner.
> > > 
> > > we are aware of the situtation, a stable upload is already waiting. Please
> > > note that there won't be an update for Squeeze unless the LTS team does so.
> > 
> > I did add clamav to the list of packages needing an update for the LTS (and 
> > libclamunrar too), so the LTS team is aware of it.
> 
> Thanks, working on the clamav one now for LTS.
> 
> Upstreams patch applies just fine on the version in Squeeze, so I guess 
> it would be better to apply it, instead of pulling in the new upstream?

Sadly, the patch does not solve the issue itself. clamscan -a still 
segfaults for me after the patch.

I'll try to figure out what else is needed.

Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#770985; Package clamav. (Thu, 27 Nov 2014 12:36:04 GMT) (full text, mbox, link).

Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Thu, 27 Nov 2014 12:36:04 GMT) (full text, mbox, link).

Message #42 received at 770985@bugs.debian.org (full text, mbox, reply):

From: Scott Kitterman <debian@kitterman.com>
To: Evgeni Golov <evgeni.golov@credativ.de>
Cc: 770985@bugs.debian.org, Ralf Hildebrandt <ralf.hildebrandt@charite.de>
Subject: Re: Bug#770985: [Pkg-clamav-devel] Bug#770985: Bug#770985: clamav: heap buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE file
Date: Thu, 27 Nov 2014 07:33:22 -0500
On Thursday, November 27, 2014 10:32:29 AM Evgeni Golov wrote:
> On Thu, Nov 27, 2014 at 09:38:08AM +0100, Evgeni Golov wrote:
> > On Tue, Nov 25, 2014 at 04:30:43PM -0500, Scott Kitterman wrote:
> > > On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior 
wrote:
> > > > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > > > > Version: 0.98.1+dfsg-1+deb6u3
> > > > > 
> > > > > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > > > > specially crafted y0da Crypter obfuscated PE file.
> > > > > Note that this is remotely exploitable when ClamAV is used as a mail
> > > > > gateway scanner.
> > > > 
> > > > we are aware of the situtation, a stable upload is already waiting.
> > > > Please
> > > > note that there won't be an update for Squeeze unless the LTS team
> > > > does so.
> > > 
> > > I did add clamav to the list of packages needing an update for the LTS
> > > (and
> > > libclamunrar too), so the LTS team is aware of it.
> > 
> > Thanks, working on the clamav one now for LTS.
> > 
> > Upstreams patch applies just fine on the version in Squeeze, so I guess
> > it would be better to apply it, instead of pulling in the new upstream?
> 
> Sadly, the patch does not solve the issue itself. clamscan -a still
> segfaults for me after the patch.
> 
> I'll try to figure out what else is needed.

For clamav it's more trouble than it's worth to try and tease out specific 
changes, since you need the new capabilities just to stay even with the bad 
guys anyway.  If you want to update clamav for the LTS, the changes the Ubuntu 
Security team did for Ubuntu 12.04 as it's similar to Squeeze in the relevant 
areas (Note: the source for clamav is generally in sync between Ubuntu and 
Debian, so the changes between Stable/Jessie/Testing and the Ubuntu 12.04 
update are primarily the ones you'd likely want for Squeeze, but I didn't 
specifically test this).

https://launchpad.net/ubuntu/+archive/primary/+files/clamav_0.98.5%2Baddedllvm-0ubuntu0.12.04.1.dsc

Scott K

Reply sent to Evgeni Golov <evgeni.golov@credativ.de>:
You have taken responsibility. (Thu, 27 Nov 2014 15:21:13 GMT) (full text, mbox, link).

Notification sent to Ralf Hildebrandt <ralf.hildebrandt@charite.de>:
Bug acknowledged by developer. (Thu, 27 Nov 2014 15:21:14 GMT) (full text, mbox, link).

Message #47 received at 770985-close@bugs.debian.org (full text, mbox, reply):

From: Evgeni Golov <evgeni.golov@credativ.de>
To: 770985-close@bugs.debian.org
Subject: Bug#770985: fixed in clamav 0.98.1+dfsg-1+deb6u4
Date: Thu, 27 Nov 2014 15:19:29 +0000
Source: clamav
Source-Version: 0.98.1+dfsg-1+deb6u4

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770985@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Evgeni Golov <evgeni.golov@credativ.de> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Nov 2014 09:39:20 +0100
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.98.1+dfsg-1+deb6u4
Distribution: squeeze-lts
Urgency: medium
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Evgeni Golov <evgeni.golov@credativ.de>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Closes: 770985
Changes: 
 clamav (0.98.1+dfsg-1+deb6u4) squeeze-lts; urgency=medium
 .
   * Security upload by the Debian LTS team.
   * Fix CVE-2014-9050: heap buffer overflow when scanning a specially crafted
     y0da Crypter obfuscated PE file. (Closes: #770985)
   * Also backport some memory fixes for clamscan.
Checksums-Sha1: 
 cc61e6e978ab86cdbcd75cbe8a6b0f94752e1eda 2291 clamav_0.98.1+dfsg-1+deb6u4.dsc
 0cfe8a49348178fadd36cbebfbcd4667bdce4187 334406 clamav_0.98.1+dfsg-1+deb6u4.diff.gz
 3c6fa806b059fc116bcd994d43ad7c57f858d0f7 321478 clamav-base_0.98.1+dfsg-1+deb6u4_all.deb
 58d103a31d2b2f4071cf2d0c00ff3cb6deb3883f 5275262 clamav-testfiles_0.98.1+dfsg-1+deb6u4_all.deb
 2d9a6f2c23fa471135e5751763eef3cf13c0c864 1267616 clamav-docs_0.98.1+dfsg-1+deb6u4_all.deb
 ca002b12dc5d1b76829bd3a9355bb21a51674692 4353530 libclamav6_0.98.1+dfsg-1+deb6u4_amd64.deb
 366c7ff20037cb0834b48add0fa5d94f71bc2449 358926 clamav_0.98.1+dfsg-1+deb6u4_amd64.deb
 377f164a1230d1c86c5d2e2f570301b5edf4da58 448796 clamav-daemon_0.98.1+dfsg-1+deb6u4_amd64.deb
 2d2233d8649d8a205a0d286e5f15851e56e72f25 335988 clamav-freshclam_0.98.1+dfsg-1+deb6u4_amd64.deb
 1781f745992ab654f1cc51b44d8a49f80094b994 372538 clamav-milter_0.98.1+dfsg-1+deb6u4_amd64.deb
 866e5d4d6b25140627d9be5dc5a8b02903bc2078 233686 libclamav-dev_0.98.1+dfsg-1+deb6u4_amd64.deb
 998065b1a28479454d7886ba494cfd2fca450546 24476716 clamav-dbg_0.98.1+dfsg-1+deb6u4_amd64.deb
Checksums-Sha256: 
 42e8786288b36c091611176f29b350f9a5325f199be5cfb6f908c961701b8ce8 2291 clamav_0.98.1+dfsg-1+deb6u4.dsc
 c09428ada1fa8bc11a3bf14f8a40adf05fb1927b506c668ac4962e7b2fc365e6 334406 clamav_0.98.1+dfsg-1+deb6u4.diff.gz
 3a01301c6c3ca4d489e684efbf98da5c3ce9a23a77db035526bb366acb227c83 321478 clamav-base_0.98.1+dfsg-1+deb6u4_all.deb
 1568e9d72dcc6eb3070722701a2d64f92bf60a61f5cfdba355d605c860e7cc75 5275262 clamav-testfiles_0.98.1+dfsg-1+deb6u4_all.deb
 fa958c9f6a62d8df7625b03457f5ec159c48eb8b052a2e5bfadf1008bf66c933 1267616 clamav-docs_0.98.1+dfsg-1+deb6u4_all.deb
 7d51ff70ce0fb9e69655d664e69c0f2116b370483413b0dc2a980209528f5ae4 4353530 libclamav6_0.98.1+dfsg-1+deb6u4_amd64.deb
 4bd09b9a67e9e063347bf184617ecc2e06ca5986020f6354ba10259751ed9324 358926 clamav_0.98.1+dfsg-1+deb6u4_amd64.deb
 dcab9f3cf04a016a6bdb0165280f742e49d0be51466cf1af9a93d136fa550cca 448796 clamav-daemon_0.98.1+dfsg-1+deb6u4_amd64.deb
 c2986d7b412629a3becd45a0d4253b6fe91d7728abc1657243b9f98c72d03208 335988 clamav-freshclam_0.98.1+dfsg-1+deb6u4_amd64.deb
 8cde3900439f4c911937572fc33d084e8eb6612b6466955f4d2d41d9d6339be0 372538 clamav-milter_0.98.1+dfsg-1+deb6u4_amd64.deb
 d66092e87d228bb61c8db7076055e43c2e3ed844231b86f1830b4ab7c10cdfca 233686 libclamav-dev_0.98.1+dfsg-1+deb6u4_amd64.deb
 471551155772782fb75d54ca6c43c9dd2bcc174bb90e20f093c7a4d97bb933b2 24476716 clamav-dbg_0.98.1+dfsg-1+deb6u4_amd64.deb
Files: 
 1325f2d13f500bbcb46d39e5c3c711d5 2291 utils optional clamav_0.98.1+dfsg-1+deb6u4.dsc
 45ad6411d5a4d2852375cdc68f3df73e 334406 utils optional clamav_0.98.1+dfsg-1+deb6u4.diff.gz
 59281939573a9b64f19034baa3271aab 321478 utils optional clamav-base_0.98.1+dfsg-1+deb6u4_all.deb
 cbcb94955370b6aac96fe01b2a4d2c54 5275262 utils optional clamav-testfiles_0.98.1+dfsg-1+deb6u4_all.deb
 69021299dfbdae5ddde4f732a70d6058 1267616 doc optional clamav-docs_0.98.1+dfsg-1+deb6u4_all.deb
 22b909766c04108245e0be572fcbd591 4353530 libs optional libclamav6_0.98.1+dfsg-1+deb6u4_amd64.deb
 e36aeedd6f74ef9c80ae07df0e3f3875 358926 utils optional clamav_0.98.1+dfsg-1+deb6u4_amd64.deb
 88a54552b057c20c6e68053fd01009d4 448796 utils optional clamav-daemon_0.98.1+dfsg-1+deb6u4_amd64.deb
 ab70a4571c15b70940fe55cdbf1c9450 335988 utils optional clamav-freshclam_0.98.1+dfsg-1+deb6u4_amd64.deb
 9d8f1805fcf412778f493788dcdc4e78 372538 utils extra clamav-milter_0.98.1+dfsg-1+deb6u4_amd64.deb
 ec2daf4da68badd0d5bcf4e991b26176 233686 libdevel optional libclamav-dev_0.98.1+dfsg-1+deb6u4_amd64.deb
 b8e422f2bbdc61d03b8b1ac292723caf 24476716 debug extra clamav-dbg_0.98.1+dfsg-1+deb6u4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUdzaCAAoJEKGwm0IzOWHoMTUP/RyKgvcF5x+ZZWp06tAXH0HV
PbryZEq0ZZxhABhRvQJ+Z9zaKquw9TpwNypA7Cue/HKTShI6AyNoEUl3DynNHqOu
VNv8lRpFh53y3Z6uRzHCselMzqIVEwYv+uJ4jOd6c7+wqUBYrXSvyAZTXcdDQ2pX
XRIkdtmJKPBFdgKTQB4suV5Uz9vSGdPZinMWZK98FHUbRyvUPsRHCj3dTLt2FNT9
tcH0u2zZgy71RrKhIzXpPDDqv0VtZnDsHoCiaSBEOiSXNUynnlvqdtOhu9/Nbars
wTd3oM2yLTQZGMsDCOMsHsqx/1lSDLZUH1Ju550z2JwlXzam1G6vERKQfY0o7NN2
5iM/cgnIBQLF30XDnVFPud2pQdaIkw9zzSvGMlT1Y4mpomYyBO8tUvaY5B4FbWqo
YXsnhMTJ7WiQix/QU7iXf+wQ7tPDGRdxg7m5JVGLbDujcRb6t6SIz6P5wCwGPWi2
6MdojAIUSCoBVsxM1alkhdHm83Q43G8zbc+mDCSV1bFcuCKgepmyua5AhM1IWW4E
6Ik4pC/1jTbu0SyuflbxRXgs8LbuEPuAIoN/ZsvQ0d5FsVPA26hNXEM5DP5nFg45
I28kRAospO7xf0THp0LlM36X6CI8Z+hSUZ3BzpHQSUT7V5eSoeuJPWiH/v1leti4
zqacAoOWm8CmSKUt5fFO
=cCsD
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 26 Dec 2014 07:30:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:36:39 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started