Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav (PTS, buildd, popcon).
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Sun, 9 Nov 2008 18:57:01 UTC
Severity: grave
Tags: security
Found in version clamav/0.90.1-1
Fixed in versions clamav/0.94.dfsg.1-1~volatile1, clamav/0.94.dfsg.1-1, clamav/0.90.1dfsg-4etch46
Done: Stephen Gran <sgran@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Stephen Gran <sgran@debian.org>
:
Bug#505134
; Package clamav
.
(Sun, 09 Nov 2008 18:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefan Fritsch <sf@sfritsch.de>
:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Stephen Gran <sgran@debian.org>
.
(Sun, 09 Nov 2008 18:57:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: clamav Version: 0.90.1-1 Severity: grave Tags: security Justification: user security hole A vulnerability has been reported for clamav. There does not seem to be a CVE id yet. From http://seclists.org/bugtraq/2008/Nov/0070.html: ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment. Vulnerable packages: All versions up to 0.94 are vulnerable. Version 0.94.1 fixes the problem.
Reply sent
to Michael Tautschnig <mt@debian.org>
:
You have taken responsibility.
(Wed, 12 Nov 2008 02:06:20 GMT) (full text, mbox, link).
Notification sent
to Stefan Fritsch <sf@sfritsch.de>
:
Bug acknowledged by developer.
(Wed, 12 Nov 2008 02:06:21 GMT) (full text, mbox, link).
Message #10 received at 505134-close@bugs.debian.org (full text, mbox, reply):
Source: clamav Source-Version: 0.94.dfsg.1-1~volatile1 We believe that the bug you reported is fixed in the latest version of clamav, which is due to be installed in the volatile.debian.org FTP archive: clamav-base_0.94.dfsg.1-1~volatile1_all.deb to pool/volatile/main/c/clamav/clamav-base_0.94.dfsg.1-1~volatile1_all.deb clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb clamav-docs_0.94.dfsg.1-1~volatile1_all.deb to pool/volatile/main/c/clamav/clamav-docs_0.94.dfsg.1-1~volatile1_all.deb clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb to pool/volatile/main/c/clamav/clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb clamav_0.94.dfsg.1-1~volatile1.diff.gz to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1.diff.gz clamav_0.94.dfsg.1-1~volatile1.dsc to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1.dsc clamav_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1_amd64.deb clamav_0.94.dfsg.1.orig.tar.gz to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1.orig.tar.gz libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb to pool/volatile/main/c/clamav/libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 505134@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. volatile.debian.org distribution maintenance software pp. Michael Tautschnig <mt@debian.org> (supplier of updated clamav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@volatile.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 12 Nov 2008 01:57:58 +0100 Source: clamav Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles libclamav5 clamav-daemon clamav-docs Architecture: source amd64 all Version: 0.94.dfsg.1-1~volatile1 Distribution: etch-volatile Urgency: low Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org> Changed-By: Michael Tautschnig <mt@debian.org> Description: clamav - anti-virus utility for Unix - command-line interface clamav-base - anti-virus utility for Unix - base package clamav-daemon - anti-virus utility for Unix - scanner daemon clamav-dbg - debug symbols for ClamAV clamav-docs - anti-virus utility for Unix - documentation clamav-freshclam - anti-virus utility for Unix - virus database update utility clamav-milter - anti-virus utility for Unix - sendmail integration clamav-testfiles - anti-virus utility for Unix - test files libclamav-dev - anti-virus utility for Unix - development files libclamav5 - anti-virus utility for Unix - library Closes: 486076 500007 500416 501298 501627 502165 505134 Changes: clamav (0.94.dfsg.1-1~volatile1) etch-volatile; urgency=low . [ Stephen Gran ] * New upstream version (closes: #505134, #502165, #501298) * Handle new option SubmitDetectionStats in freshclam.conf * Remove RAR from the description, since we really don't handle it anymore * Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086) . [ Michael Meskes ] * Changed watch file to account for dfsg extension. * Do not configure temporary directory in clamd.conf anymore unless it is already configured there. * Added Basque debconf translation (closes: #500007) . [ Michael Tautschnig ] * Use lsb's status_of_proc function to determine the status of the process and return with according exit codes (closes: #486076) * Updated Dutch debconf translation (thanks Paul Gevers <paul@climbing.nl>) (closes: #501627) * Changed versioned dependency of clamav-daemon to clamav-base to equals (closes: #500416) * Handle new option DetectionStatsCountry in freshclam.conf * Don't trust the multilib guessing stuff, always use libdir=$prefix/lib * Removed nowadays unused lintian overrides * Create md5sums control file for clamav-dbg as well (thanks, lintian) * Added myself as uploader. Files: 1d7cd6c974117a046eabba4ec4fee920 967 utils optional clamav_0.94.dfsg.1-1~volatile1.dsc 8637ed043ce1408486dbe31a5344cfcf 21796733 utils optional clamav_0.94.dfsg.1.orig.tar.gz 5ddabd66d6538c1c3bb159d1f7919fe4 155608 utils optional clamav_0.94.dfsg.1-1~volatile1.diff.gz b76abf01dab717e79633bf733aa26f57 19208178 utils optional clamav-base_0.94.dfsg.1-1~volatile1_all.deb e0e60749631ee413c07f4f1b2634b80a 203166 utils optional clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb 576a890b94d5d2437699c097c7a5d136 1074046 doc optional clamav-docs_0.94.dfsg.1-1~volatile1_all.deb a98a213bf26b2e6a83f6b0f31b30a61a 521226 libs optional libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb 346593d076e50ad8242e70cbe38dc259 231052 utils optional clamav_0.94.dfsg.1-1~volatile1_amd64.deb 543f333d5931fd94cb2269fa788d38de 232956 utils optional clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb cc11048932d9f5b6137bd3e9ad57b36b 248892 utils optional clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb f09e5e91e087fd723a258bdb0614339f 228140 utils extra clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb f4c654a30a12536f6479a6f100cddcbe 559516 libdevel optional libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb b7ef731a2ec061f871e507373034f8b7 842912 utils extra clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkaOIUACgkQvx6dH3bVKsSD8ACffJ9MMO/nKwvAtr1hEujjn9Je oN8An2lzzPch9oXsWryZmGckifsDOp/x =tYuW -----END PGP SIGNATURE-----
Reply sent
to Michael Tautschnig <mt@debian.org>
:
You have taken responsibility.
(Wed, 12 Nov 2008 02:33:19 GMT) (full text, mbox, link).
Notification sent
to Stefan Fritsch <sf@sfritsch.de>
:
Bug acknowledged by developer.
(Wed, 12 Nov 2008 02:33:19 GMT) (full text, mbox, link).
Message #15 received at 505134-close@bugs.debian.org (full text, mbox, reply):
Source: clamav Source-Version: 0.94.dfsg.1-1 We believe that the bug you reported is fixed in the latest version of clamav, which is due to be installed in the Debian FTP archive: clamav-base_0.94.dfsg.1-1_all.deb to pool/main/c/clamav/clamav-base_0.94.dfsg.1-1_all.deb clamav-daemon_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/clamav-daemon_0.94.dfsg.1-1_i386.deb clamav-dbg_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/clamav-dbg_0.94.dfsg.1-1_i386.deb clamav-docs_0.94.dfsg.1-1_all.deb to pool/main/c/clamav/clamav-docs_0.94.dfsg.1-1_all.deb clamav-freshclam_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/clamav-freshclam_0.94.dfsg.1-1_i386.deb clamav-milter_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/clamav-milter_0.94.dfsg.1-1_i386.deb clamav-testfiles_0.94.dfsg.1-1_all.deb to pool/main/c/clamav/clamav-testfiles_0.94.dfsg.1-1_all.deb clamav_0.94.dfsg.1-1.diff.gz to pool/main/c/clamav/clamav_0.94.dfsg.1-1.diff.gz clamav_0.94.dfsg.1-1.dsc to pool/main/c/clamav/clamav_0.94.dfsg.1-1.dsc clamav_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/clamav_0.94.dfsg.1-1_i386.deb clamav_0.94.dfsg.1.orig.tar.gz to pool/main/c/clamav/clamav_0.94.dfsg.1.orig.tar.gz libclamav-dev_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/libclamav-dev_0.94.dfsg.1-1_i386.deb libclamav5_0.94.dfsg.1-1_i386.deb to pool/main/c/clamav/libclamav5_0.94.dfsg.1-1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 505134@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tautschnig <mt@debian.org> (supplier of updated clamav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 12 Nov 2008 01:57:58 +0100 Source: clamav Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav5 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter Architecture: source all i386 Version: 0.94.dfsg.1-1 Distribution: unstable Urgency: low Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org> Changed-By: Michael Tautschnig <mt@debian.org> Description: clamav - anti-virus utility for Unix - command-line interface clamav-base - anti-virus utility for Unix - base package clamav-daemon - anti-virus utility for Unix - scanner daemon clamav-dbg - debug symbols for ClamAV clamav-docs - anti-virus utility for Unix - documentation clamav-freshclam - anti-virus utility for Unix - virus database update utility clamav-milter - anti-virus utility for Unix - sendmail integration clamav-testfiles - anti-virus utility for Unix - test files libclamav-dev - anti-virus utility for Unix - development files libclamav5 - anti-virus utility for Unix - library Closes: 486076 500007 500416 501298 501627 502165 505134 Changes: clamav (0.94.dfsg.1-1) unstable; urgency=low . [ Stephen Gran ] * New upstream version (closes: #505134, #502165, #501298) * Handle new option SubmitDetectionStats in freshclam.conf * Remove RAR from the description, since we really don't handle it anymore * Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086) . [ Michael Meskes ] * Added myself as uploader. * Changed watch file to account for dfsg extension. * Do not configure temporary directory in clamd.conf anymore unless it is already configured there. * Added Basque debconf translation (closes: #500007) . [ Michael Tautschnig ] * Use lsb's status_of_proc function to determine the status of the process and return with according exit codes (closes: #486076) * Updated Dutch debconf translation (thanks Paul Gevers <paul@climbing.nl>) (closes: #501627) * Changed versioned dependency of clamav-daemon to clamav-base to equals (closes: #500416) * Handle new option DetectionStatsCountry in freshclam.conf * Don't trust the multilib guessing stuff, always use libdir=$prefix/lib * Removed nowadays unused lintian overrides * Create md5sums control file for clamav-dbg as well (thanks, lintian) Checksums-Sha1: 93da1eb62ce8fcd434a2b9a11f550a4f98cdb476 1387 clamav_0.94.dfsg.1-1.dsc 213e5aa589bb85725764f3899ebea2d5006399aa 21796733 clamav_0.94.dfsg.1.orig.tar.gz 4b884da631cad7f64acd9808f738276648564a68 159025 clamav_0.94.dfsg.1-1.diff.gz 4624e8aac4fd8486302a08e9d0477e2fb9599934 19209594 clamav-base_0.94.dfsg.1-1_all.deb 36b43ca3f6e3341374db580d29cefedeea8d85a1 205380 clamav-testfiles_0.94.dfsg.1-1_all.deb 5c72e7b2e2c4a9a72d2d96dd8267b480dd729579 1075072 clamav-docs_0.94.dfsg.1-1_all.deb 7b9148001050858a94b00d62595254ac7492828f 518824 libclamav5_0.94.dfsg.1-1_i386.deb 29f1c3f51b5fd711d578276fb5517be0d807e198 229864 clamav_0.94.dfsg.1-1_i386.deb 1137ef73fb058839e193704b81a0dbb6288f1ae7 227416 clamav-daemon_0.94.dfsg.1-1_i386.deb 0d84d68007aedbaaa297f4495b1681de7544cd11 248876 clamav-freshclam_0.94.dfsg.1-1_i386.deb 0c4698dab0e6170c7e1006d4224f58bb5bd68a2b 227326 clamav-milter_0.94.dfsg.1-1_i386.deb 9b063664e20961b081bc7774838d1aca41bb8801 536276 libclamav-dev_0.94.dfsg.1-1_i386.deb a10bda2ef571450b4763bb0e523a7037a2a92a3c 804066 clamav-dbg_0.94.dfsg.1-1_i386.deb Checksums-Sha256: 9b2e3f5d13e71c617d96fa228019934022dd4a951d037d25838b16a0f706cfba 1387 clamav_0.94.dfsg.1-1.dsc 133186417ea9d2cfa6c0221d72b083dd0370e5b94dbbf7ed2c3a664d1a0f3752 21796733 clamav_0.94.dfsg.1.orig.tar.gz 26f4c0dfb06387ef1082d0abb6441ca1825d83dac4b95ca32478b1025c412503 159025 clamav_0.94.dfsg.1-1.diff.gz b3cfeffc372ad5e3209caf81f919b506fbea22eeba8864e2027e2f7ec2244d14 19209594 clamav-base_0.94.dfsg.1-1_all.deb 3ff649a0d7af53fdfbf6d90352c13380e77295ddc3c340f23096d866d1b0a737 205380 clamav-testfiles_0.94.dfsg.1-1_all.deb bf191718da1ba5b50c75e0775c31c1d308df46f5bf44e85299765950e62c394b 1075072 clamav-docs_0.94.dfsg.1-1_all.deb 4669d8ffd67cfd78849da206c36049d5fd757e58be8fc176eaf9cd526886fcf3 518824 libclamav5_0.94.dfsg.1-1_i386.deb d02d12cfd5c2208e32294e53b53e494e69c6fbfb337cb25b054e40ab3e0e2fa1 229864 clamav_0.94.dfsg.1-1_i386.deb 7862106b4760745712b37ba116a10380420c2b65a8e11288e9975709b248e9ea 227416 clamav-daemon_0.94.dfsg.1-1_i386.deb 874aee2d5e2c1768a02672ee7802602a7481bdbd8701de1b991c7533bc0744a8 248876 clamav-freshclam_0.94.dfsg.1-1_i386.deb ae7e91fd707b9a3ccc4f5b5f422eca20964a7f9b38651945167c80720bb77935 227326 clamav-milter_0.94.dfsg.1-1_i386.deb ff40263b509f7581abf7e7a457a8e6d983137b1401c0a6ad16fc3c1a67b76e15 536276 libclamav-dev_0.94.dfsg.1-1_i386.deb 00c3a2537820ffbc6a5c865712c32d71625783111a5c18754208e3379bcdcc52 804066 clamav-dbg_0.94.dfsg.1-1_i386.deb Files: eea85e1b567764495e07bf4dcda60381 1387 utils optional clamav_0.94.dfsg.1-1.dsc 8637ed043ce1408486dbe31a5344cfcf 21796733 utils optional clamav_0.94.dfsg.1.orig.tar.gz f23c91cbd988920e37d05807fcef8372 159025 utils optional clamav_0.94.dfsg.1-1.diff.gz ed7d66ae2263838001592f907ee60af1 19209594 utils optional clamav-base_0.94.dfsg.1-1_all.deb e9742644fdfe6d07bf0d9e97d82788c4 205380 utils optional clamav-testfiles_0.94.dfsg.1-1_all.deb 7683397be27fbad981f11f5cd87c0590 1075072 doc optional clamav-docs_0.94.dfsg.1-1_all.deb 392d1592801b2a6bbe6265333998d144 518824 libs optional libclamav5_0.94.dfsg.1-1_i386.deb b17741a00b0fd771c9560566f30e77e3 229864 utils optional clamav_0.94.dfsg.1-1_i386.deb 0d9fcafc306b577e2071c0a430027381 227416 utils optional clamav-daemon_0.94.dfsg.1-1_i386.deb 76f63c7c89cf2bba9995cdc700d6a224 248876 utils optional clamav-freshclam_0.94.dfsg.1-1_i386.deb 077bf8e1b08f47ec3411a7fa494e5b8d 227326 utils extra clamav-milter_0.94.dfsg.1-1_i386.deb 5d6f639006b8595ac953fd0f1293c3ed 536276 libdevel optional libclamav-dev_0.94.dfsg.1-1_i386.deb bf4f8346b1bcb6b31376910234ea87a5 804066 utils extra clamav-dbg_0.94.dfsg.1-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkaNeAACgkQvx6dH3bVKsQbqgCglQg7+UX+HU9eIHZpS/GJprK+ m9EAoKxDcfwvulXPw6D9jTS7ordKgVBf =IBP8 -----END PGP SIGNATURE-----
Reply sent
to Stephen Gran <sgran@debian.org>
:
You have taken responsibility.
(Fri, 05 Dec 2008 20:00:15 GMT) (full text, mbox, link).
Notification sent
to Stefan Fritsch <sf@sfritsch.de>
:
Bug acknowledged by developer.
(Fri, 05 Dec 2008 20:00:15 GMT) (full text, mbox, link).
Message #20 received at 505134-close@bugs.debian.org (full text, mbox, reply):
Source: clamav Source-Version: 0.90.1dfsg-4etch46 We believe that the bug you reported is fixed in the latest version of clamav, which is due to be installed in the Debian FTP archive: clamav-base_0.90.1dfsg-4etch46_all.deb to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch46_all.deb clamav-daemon_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch46_amd64.deb clamav-dbg_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch46_amd64.deb clamav-docs_0.90.1dfsg-4etch46_all.deb to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch46_all.deb clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb clamav-milter_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch46_amd64.deb clamav-testfiles_0.90.1dfsg-4etch46_all.deb to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch46_all.deb clamav_0.90.1dfsg-4etch46.diff.gz to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46.diff.gz clamav_0.90.1dfsg-4etch46.dsc to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46.dsc clamav_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46_amd64.deb libclamav-dev_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch46_amd64.deb libclamav2_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch46_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 505134@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stephen Gran <sgran@debian.org> (supplier of updated clamav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 03 Dec 2008 11:08:39 -0800 Source: clamav Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs Architecture: source amd64 all Version: 0.90.1dfsg-4etch46 Distribution: stable-security Urgency: high Maintainer: Stephen Gran <sgran@debian.org> Changed-By: Stephen Gran <sgran@debian.org> Description: clamav - antivirus scanner for Unix clamav-base - base package for clamav, an anti-virus utility for Unix clamav-daemon - antivirus scanner daemon clamav-dbg - debug symbols for clamav clamav-docs - documentation package for clamav, an anti-virus utility for Unix clamav-freshclam - downloads clamav virus databases from the Internet clamav-milter - antivirus scanner for sendmail clamav-testfiles - use these files to test that your Antivirus program works libclamav-dev - clam Antivirus library development files libclamav2 - virus scanner library Closes: 505134 507624 Changes: clamav (0.90.1dfsg-4etch46) stable-security; urgency=high . * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow (Closes: #505134) * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit() (Closes: #507624) Files: ebc60299a69aab41dfdb77e667e2857c 908 utils optional clamav_0.90.1dfsg-4etch46.dsc 5ae1da1b6351a13b5c385919960ca9b7 216130 utils optional clamav_0.90.1dfsg-4etch46.diff.gz 63e3898029276baf914fafa347747996 201408 utils optional clamav-base_0.90.1dfsg-4etch46_all.deb 189a55ca25bdf9e03a0ae3b9f4a565e9 158564 utils optional clamav-testfiles_0.90.1dfsg-4etch46_all.deb 5d316f2ea821b441971b0e05e58e481d 1003722 utils optional clamav-docs_0.90.1dfsg-4etch46_all.deb 6207bf783731c636eaa192d696466a88 341684 libs optional libclamav2_0.90.1dfsg-4etch46_amd64.deb bc8b467814eb5b76b6a165ee7abbbb7d 856672 utils optional clamav_0.90.1dfsg-4etch46_amd64.deb 99ba1e041488e76a7d6e457ed51536f0 179200 utils optional clamav-daemon_0.90.1dfsg-4etch46_amd64.deb cd9f623cfb4f23d1777cf21e830d74b2 9302094 utils optional clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb c2aa51b550584931f3f1b7b1f6df6508 177968 utils extra clamav-milter_0.90.1dfsg-4etch46_amd64.deb e0db968192096ac9215ab676b5750c7d 355706 libdevel optional libclamav-dev_0.90.1dfsg-4etch46_amd64.deb 5e87c000b193a1d25e03580496b91fc2 594608 utils extra clamav-dbg_0.90.1dfsg-4etch46_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkk23UYACgkQvx6dH3bVKsTRRACgsWpbojk4+KJ9RFG/bM955F4A 5mkAni4qjTCXzElXZTnyyivsKkf+rm8B =HHZI -----END PGP SIGNATURE-----
Reply sent
to Stephen Gran <sgran@debian.org>
:
You have taken responsibility.
(Wed, 17 Dec 2008 21:19:09 GMT) (full text, mbox, link).
Notification sent
to Stefan Fritsch <sf@sfritsch.de>
:
Bug acknowledged by developer.
(Wed, 17 Dec 2008 21:19:33 GMT) (full text, mbox, link).
Message #25 received at 505134-close@bugs.debian.org (full text, mbox, reply):
Source: clamav Source-Version: 0.90.1dfsg-4etch46 We believe that the bug you reported is fixed in the latest version of clamav, which is due to be installed in the Debian FTP archive: clamav-base_0.90.1dfsg-4etch46_all.deb to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch46_all.deb clamav-daemon_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch46_amd64.deb clamav-dbg_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch46_amd64.deb clamav-docs_0.90.1dfsg-4etch46_all.deb to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch46_all.deb clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb clamav-milter_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch46_amd64.deb clamav-testfiles_0.90.1dfsg-4etch46_all.deb to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch46_all.deb clamav_0.90.1dfsg-4etch46.diff.gz to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46.diff.gz clamav_0.90.1dfsg-4etch46.dsc to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46.dsc clamav_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/clamav_0.90.1dfsg-4etch46_amd64.deb libclamav-dev_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch46_amd64.deb libclamav2_0.90.1dfsg-4etch46_amd64.deb to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch46_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 505134@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stephen Gran <sgran@debian.org> (supplier of updated clamav package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 03 Dec 2008 11:08:39 -0800 Source: clamav Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs Architecture: source amd64 all Version: 0.90.1dfsg-4etch46 Distribution: stable-security Urgency: high Maintainer: Stephen Gran <sgran@debian.org> Changed-By: Stephen Gran <sgran@debian.org> Description: clamav - antivirus scanner for Unix clamav-base - base package for clamav, an anti-virus utility for Unix clamav-daemon - antivirus scanner daemon clamav-dbg - debug symbols for clamav clamav-docs - documentation package for clamav, an anti-virus utility for Unix clamav-freshclam - downloads clamav virus databases from the Internet clamav-milter - antivirus scanner for sendmail clamav-testfiles - use these files to test that your Antivirus program works libclamav-dev - clam Antivirus library development files libclamav2 - virus scanner library Closes: 505134 507624 Changes: clamav (0.90.1dfsg-4etch46) stable-security; urgency=high . * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow (Closes: #505134) * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit() (Closes: #507624) Files: ebc60299a69aab41dfdb77e667e2857c 908 utils optional clamav_0.90.1dfsg-4etch46.dsc 5ae1da1b6351a13b5c385919960ca9b7 216130 utils optional clamav_0.90.1dfsg-4etch46.diff.gz 63e3898029276baf914fafa347747996 201408 utils optional clamav-base_0.90.1dfsg-4etch46_all.deb 189a55ca25bdf9e03a0ae3b9f4a565e9 158564 utils optional clamav-testfiles_0.90.1dfsg-4etch46_all.deb 5d316f2ea821b441971b0e05e58e481d 1003722 utils optional clamav-docs_0.90.1dfsg-4etch46_all.deb 6207bf783731c636eaa192d696466a88 341684 libs optional libclamav2_0.90.1dfsg-4etch46_amd64.deb bc8b467814eb5b76b6a165ee7abbbb7d 856672 utils optional clamav_0.90.1dfsg-4etch46_amd64.deb 99ba1e041488e76a7d6e457ed51536f0 179200 utils optional clamav-daemon_0.90.1dfsg-4etch46_amd64.deb cd9f623cfb4f23d1777cf21e830d74b2 9302094 utils optional clamav-freshclam_0.90.1dfsg-4etch46_amd64.deb c2aa51b550584931f3f1b7b1f6df6508 177968 utils extra clamav-milter_0.90.1dfsg-4etch46_amd64.deb e0db968192096ac9215ab676b5750c7d 355706 libdevel optional libclamav-dev_0.90.1dfsg-4etch46_amd64.deb 5e87c000b193a1d25e03580496b91fc2 594608 utils extra clamav-dbg_0.90.1dfsg-4etch46_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkk23UYACgkQvx6dH3bVKsTRRACgsWpbojk4+KJ9RFG/bM955F4A 5mkAni4qjTCXzElXZTnyyivsKkf+rm8B =HHZI -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 15 Jan 2009 07:27:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.