Your message dated Wed, 19 Dec 2007 09:17:20 +0100 (CET)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#454052: fixed in clamav 0.92~dfsg-0volatile1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libclamav2
Version: 0.91.2-3 0.91.2-4
Hello,
I have seen a segfault in libclamav2 when I turn on
"PhishingSignatures" flag on a sparc64/smp (U80). I have run clamd with
debug options in gdb :
LibClamAV debug: blobClose: recovered 8180 bytes from 8192
LibClamAV debug: blobClose: recovered 8183 bytes from 8192
LibClamAV debug: blobClose: recovered 8183 bytes from 8192
LibClamAV debug: blobClose: recovered 8156 bytes from 8192
LibClamAV debug: blobClose: recovered 8156 bytes from 8192
LibClamAV debug: getHrefs: html_normalise_mem returned
LibClamAV debug: Phishcheck: href with no contents?
LibClamAV debug: Phishcheck:Checking url
http://home.edt02.net/emc/emchV4c/?c=18
cliquant
ici6369-0-49344-531291651-0-0-0-0-nadege.teixeira%atpc30.fr->en
LibClamAV debug: Phishing: looking up in whitelist:
http://home.edt02.net/emc/em
chV4c/?c=18860-49343-28165-1-96369-0-49344-531291651-0-0-0-0-nadege.teixeira�pc3
0.fr:encliquantici; host-only:0
LibClamAV debug: Looking up in regex_list:
http://home.edt02.net/emc/emchV4c/?c=
18860-49343-28165-1-96369-0-49344-531291651-0-0-0-0-nadege.teixeira�pc30.fr:encl
iquantici/
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xf7877b90 (LWP 1991)]
0xf7f8527c in regex_list_match () from /usr/lib/libclamav.so.2
(gdb) up
#1 0xf7f835b8 in whitelist_match () from /usr/lib/libclamav.so.2
(gdb) up
#2 0xf7f82adc in phishingScan () from /usr/lib/libclamav.so.2
(gdb) up
#3 0xf7f3f57c in ?? () from /usr/lib/libclamav.so.2
(gdb) up
#4 0xf7f3f57c in ?? () from /usr/lib/libclamav.so.2
(gdb) up
Initial frame selected; you cannot go up.
(gdb) quit
My clamd.conf :
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket true
User defang
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 120
MaxThreads 12
MaxConnectionQueueLength 30
StreamMaxLength 10M
LogSyslog true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose true
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav/
TemporaryDirectory /tmp
SelfCheck 1800
Foreground true
Debug true
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ArchiveBlockMax false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
NodalCoreAcceleration false
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures false
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Regards,
JKB
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.92~dfsg-0volatile1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:
clamav-base_0.92~dfsg-0volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-base_0.92~dfsg-0volatile1_all.deb
clamav-daemon_0.92~dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-daemon_0.92~dfsg-0volatile1_i386.deb
clamav-docs_0.92~dfsg-0volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-docs_0.92~dfsg-0volatile1_all.deb
clamav-freshclam_0.92~dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-freshclam_0.92~dfsg-0volatile1_i386.deb
clamav-milter_0.92~dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-milter_0.92~dfsg-0volatile1_i386.deb
clamav-testfiles_0.92~dfsg-0volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-testfiles_0.92~dfsg-0volatile1_all.deb
clamav_0.92~dfsg-0volatile1.diff.gz
to pool/volatile/main/c/clamav/clamav_0.92~dfsg-0volatile1.diff.gz
clamav_0.92~dfsg-0volatile1.dsc
to pool/volatile/main/c/clamav/clamav_0.92~dfsg-0volatile1.dsc
clamav_0.92~dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav_0.92~dfsg-0volatile1_i386.deb
libclamav-dev_0.92~dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/libclamav-dev_0.92~dfsg-0volatile1_i386.deb
libclamav3_0.92~dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/libclamav3_0.92~dfsg-0volatile1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
volatile.debian.org distribution maintenance software
pp.
Stephen Gran <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 18 Dec 2007 02:14:21 +0000
Source: clamav
Binary: libclamav3 clamav libclamav-dev clamav-milter clamav-base
clamav-freshclam clamav-testfiles clamav-daemon clamav-docs
Architecture: source all i386
Version: 0.92~dfsg-0volatile1
Distribution: sarge-volatile
Urgency: low
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Stephen Gran <[EMAIL PROTECTED]>
Description:
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
clamav-milter - antivirus scanner for sendmail
clamav-testfiles - use these files to test that your Antivirus program works
libclamav-dev - clam Antivirus library development files
libclamav3 - virus scanner library
Closes: 414246 414993 420391 452543 454052
Changes:
clamav (0.92~dfsg-0volatile1) sarge-volatile; urgency=low
.
* New upstream version
- urgency medium due to 3 CVEs:
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-1 error in LZX_READ_HUFFSYM
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: bzlib issue
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
- would be urgency=high, except we have soname transition
- new package libclamav3 thanks to that
- Memory optimizations in trie building (closes: #420391)
- Don't create circular lists when two version of the same database are
loaded (closes: #454052)
- sigtool prints name of file being processed (closes: #414246)
- now displays message number during mbox scans with debug enabled
(closes: #452543)
- clamav-milter now accepts HUP to reopen logfile (closes: #414993)
* Handle new option LogTime for freshclam
Files:
8c1b15e9b8cf3fac7423bbcd9ffa8f7b 855 utils optional
clamav_0.92~dfsg-0volatile1.dsc
530bf853d864cf84af57641f3abe2ee0 226403 utils optional
clamav_0.92~dfsg-0volatile1.diff.gz
d15630146dfea53d4db2ba8e54cc6a9b 211682 utils optional
clamav-base_0.92~dfsg-0volatile1_all.deb
159cb1b1c80cd53d9adf58abe0db2a4a 166686 utils optional
clamav-testfiles_0.92~dfsg-0volatile1_all.deb
9b286bebdf94f27cd7c1c0d55e05af9e 1003274 utils optional
clamav-docs_0.92~dfsg-0volatile1_all.deb
37e9a2fd8f4cda1494f9ed9646bfd524 424592 libs optional
libclamav3_0.92~dfsg-0volatile1_i386.deb
b5b9df6bee3f73e6f4b4edf68470d958 878900 utils optional
clamav_0.92~dfsg-0volatile1_i386.deb
c187941271f6fb1a8dc0d53327754cb5 183410 utils optional
clamav-daemon_0.92~dfsg-0volatile1_i386.deb
1d67f2a4118cf72910f41011184508da 11796804 utils optional
clamav-freshclam_0.92~dfsg-0volatile1_i386.deb
4d3375fb36ec391fb9a5a145085dc68b 188424 utils extra
clamav-milter_0.92~dfsg-0volatile1_i386.deb
83b65a28c0e79dae7349abc30de5898e 433920 libdevel optional
libclamav-dev_0.92~dfsg-0volatile1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHZzPqSYIMHOpZA44RAv2BAJ4wix8FY5CiJIyI+eLR/9EkwdUYvACgnwte
t8wKmeQ7BImj1YQdbo7gADI=
=Ve7u
-----END PGP SIGNATURE-----
--- End Message ---
