Your message dated Wed, 19 Dec 2007 09:16:50 +0100 (CET)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454052: fixed in clamav 0.92~dfsg-1~volatile1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libclamav2
Version: 0.91.2-3 0.91.2-4
Hello,
I have seen a segfault in libclamav2 when I turn on
"PhishingSignatures" flag on a sparc64/smp (U80). I have run clamd with
debug options in gdb :
LibClamAV debug: blobClose: recovered 8180 bytes from 8192
LibClamAV debug: blobClose: recovered 8183 bytes from 8192
LibClamAV debug: blobClose: recovered 8183 bytes from 8192
LibClamAV debug: blobClose: recovered 8156 bytes from 8192
LibClamAV debug: blobClose: recovered 8156 bytes from 8192
LibClamAV debug: getHrefs: html_normalise_mem returned
LibClamAV debug: Phishcheck: href with no contents?
LibClamAV debug: Phishcheck:Checking url
http://home.edt02.net/emc/emchV4c/?c=18
cliquant
ici6369-0-49344-531291651-0-0-0-0-nadege.teixeira%atpc30.fr->en
LibClamAV debug: Phishing: looking up in whitelist:
http://home.edt02.net/emc/em
chV4c/?c=18860-49343-28165-1-96369-0-49344-531291651-0-0-0-0-nadege.teixeira�pc3
0.fr:encliquantici; host-only:0
LibClamAV debug: Looking up in regex_list:
http://home.edt02.net/emc/emchV4c/?c=
18860-49343-28165-1-96369-0-49344-531291651-0-0-0-0-nadege.teixeira�pc30.fr:encl
iquantici/
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf7877b90 (LWP 1991)]
0xf7f8527c in regex_list_match () from /usr/lib/libclamav.so.2
(gdb) up
#1 0xf7f835b8 in whitelist_match () from /usr/lib/libclamav.so.2
(gdb) up
#2 0xf7f82adc in phishingScan () from /usr/lib/libclamav.so.2
(gdb) up
#3 0xf7f3f57c in ?? () from /usr/lib/libclamav.so.2
(gdb) up
#4 0xf7f3f57c in ?? () from /usr/lib/libclamav.so.2
(gdb) up
Initial frame selected; you cannot go up.
(gdb) quit
My clamd.conf :
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket true
User defang
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 120
MaxThreads 12
MaxConnectionQueueLength 30
StreamMaxLength 10M
LogSyslog true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose true
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav/
TemporaryDirectory /tmp
SelfCheck 1800
Foreground true
Debug true
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ArchiveBlockMax false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
NodalCoreAcceleration false
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures false
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Regards,
JKB
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.92~dfsg-1~volatile1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:
clamav-base_0.92~dfsg-1~volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-base_0.92~dfsg-1~volatile1_all.deb
clamav-daemon_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-daemon_0.92~dfsg-1~volatile1_i386.deb
clamav-dbg_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-dbg_0.92~dfsg-1~volatile1_i386.deb
clamav-docs_0.92~dfsg-1~volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-docs_0.92~dfsg-1~volatile1_all.deb
clamav-freshclam_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-freshclam_0.92~dfsg-1~volatile1_i386.deb
clamav-milter_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-milter_0.92~dfsg-1~volatile1_i386.deb
clamav-testfiles_0.92~dfsg-1~volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-testfiles_0.92~dfsg-1~volatile1_all.deb
clamav_0.92~dfsg-1~volatile1.diff.gz
to pool/volatile/main/c/clamav/clamav_0.92~dfsg-1~volatile1.diff.gz
clamav_0.92~dfsg-1~volatile1.dsc
to pool/volatile/main/c/clamav/clamav_0.92~dfsg-1~volatile1.dsc
clamav_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav_0.92~dfsg-1~volatile1_i386.deb
clamav_0.92~dfsg.orig.tar.gz
to pool/volatile/main/c/clamav/clamav_0.92~dfsg.orig.tar.gz
libclamav-dev_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/libclamav-dev_0.92~dfsg-1~volatile1_i386.deb
libclamav3_0.92~dfsg-1~volatile1_i386.deb
to pool/volatile/main/c/clamav/libclamav3_0.92~dfsg-1~volatile1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
volatile.debian.org distribution maintenance software
pp.
Stephen Gran <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Dec 2007 17:04:20 +0000
Source: clamav
Binary: libclamav3 clamav libclamav-dev clamav-dbg clamav-milter clamav-base
clamav-freshclam clamav-testfiles clamav-daemon clamav-docs
Architecture: source i386 all
Version: 0.92~dfsg-1~volatile1
Distribution: etch-volatile
Urgency: medium
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Stephen Gran <[EMAIL PROTECTED]>
Description:
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-dbg - debug symbols for clamav
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
clamav-milter - antivirus scanner for sendmail
clamav-testfiles - use these files to test that your Antivirus program works
libclamav-dev - clam Antivirus library development files
libclamav3 - virus scanner library
Closes: 414246 414993 420391 452543 454052
Changes:
clamav (0.92~dfsg-1~volatile1) etch-volatile; urgency=medium
.
* New upstream version
- urgency medium due to 3 CVEs:
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-1 error in LZX_READ_HUFFSYM
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: bzlib issue
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
- would be urgency=high, except we have soname transition
- new package libclamav3 thanks to that
- Memory optimizations in trie building (closes: #420391)
- Don't create circular lists when two version of the same database are
loaded (closes: #454052)
- sigtool prints name of file being processed (closes: #414246)
- now displays message number during mbox scans with debug enabled
(closes: #452543)
- clamav-milter now accepts HUP to reopen logfile (closes: #414993)
* Handle new option LogTime for freshclam
Files:
0719ba1979ab1d5386b62304c9aec440 891 utils optional
clamav_0.92~dfsg-1~volatile1.dsc
fc0af10ad28128878504f93191451291 14270919 utils optional
clamav_0.92~dfsg.orig.tar.gz
f91366a17c5a557010de3a4b5292a181 201469 utils optional
clamav_0.92~dfsg-1~volatile1.diff.gz
f0ac80d76c34a187e2793d5ee4450a59 214534 utils optional
clamav-base_0.92~dfsg-1~volatile1_all.deb
2c15e192b5aa0a3e4613fc28e79e0e16 169702 utils optional
clamav-testfiles_0.92~dfsg-1~volatile1_all.deb
0fbb7415103f1bcc78e77a18fe121cd7 1014990 utils optional
clamav-docs_0.92~dfsg-1~volatile1_all.deb
44d1185842c5bbce8ba8fd284e7079b3 432474 libs optional
libclamav3_0.92~dfsg-1~volatile1_i386.deb
24d4b57ee9c6d28a31a8e73d23e17176 885394 utils optional
clamav_0.92~dfsg-1~volatile1_i386.deb
97a5426183d8a4453dec33e41e0cab47 185128 utils optional
clamav-daemon_0.92~dfsg-1~volatile1_i386.deb
1509166a79d9d31286620dd48be37178 11801348 utils optional
clamav-freshclam_0.92~dfsg-1~volatile1_i386.deb
9afa0d788d95d9892b5f6abb4b6a37fd 191278 utils extra
clamav-milter_0.92~dfsg-1~volatile1_i386.deb
6ec8e8fb89a37f63ee7160e54c039a21 439090 libdevel optional
libclamav-dev_0.92~dfsg-1~volatile1_i386.deb
3eb2a20debcd2b6ca0fa01674348100b 664400 utils extra
clamav-dbg_0.92~dfsg-1~volatile1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHZytkSYIMHOpZA44RAjfqAKDe53pcAr0QE5HcN+mE+ACbYprBDgCfR89q
SrTjJmTFnOz9A/+x4OVh7Gw=
=lLhX
-----END PGP SIGNATURE-----
--- End Message ---
