Your message dated Tue, 09 Sep 2008 19:32:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#498338: fixed in havp 0.89-1
has caused the Debian Bug report #498338,
regarding havp depends on old clamav. This clamav version is vulnerable.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
498338: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498338
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: havp
Version: 0.88-1.1
Severity: normal

http://www.securityfocus.com/bid/31051/info

ClamAV Multiple Unspecified Memory Corruption Vulnerabilities:

ClamAV is prone to multiple unspecified memory-corruption
vulnerabilities.

Attackers may be able to exploit these issues to exhaust resources or
possibly crash the affected application, denying service to legitimate
users. Attackers may also be able to obtain sensitive information and
run arbitrary code.

Versions prior to ClamAV 0.94 are vulnerable. 

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (650, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)

Versions of packages havp depends on:
ii  adduser            3.102                 Add and remove users and groups
ii  debconf [debconf-2 1.5.11etch2           Debian configuration management sy
ii  libc6              2.7-13                GNU C Library: Shared libraries
ii  libclamav4         0.93.3.dfsg-volatile1 anti-virus utility for Unix - libr
ii  libgcc1            1:4.1.1-21            GCC support library
ii  libstdc++6         4.3.1-9               The GNU Standard C++ Library v3

Versions of packages havp recommends:
ii  clamav-freshclam   0.94.dfsg-1~volatile1 anti-virus utility for Unix - viru

-- debconf information excluded



--- End Message ---
--- Begin Message ---
Source: havp
Source-Version: 0.89-1

We believe that the bug you reported is fixed in the latest version of
havp, which is due to be installed in the Debian FTP archive:

havp_0.89-1.diff.gz
  to pool/main/h/havp/havp_0.89-1.diff.gz
havp_0.89-1.dsc
  to pool/main/h/havp/havp_0.89-1.dsc
havp_0.89-1_i386.deb
  to pool/main/h/havp/havp_0.89-1_i386.deb
havp_0.89.orig.tar.gz
  to pool/main/h/havp/havp_0.89.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Mayrhofer <[EMAIL PROTECTED]> (supplier of updated havp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 09 Sep 2008 19:40:53 +0200
Source: havp
Binary: havp
Architecture: source i386
Version: 0.89-1
Distribution: unstable
Urgency: high
Maintainer: Rene Mayrhofer <[EMAIL PROTECTED]>
Changed-By: Rene Mayrhofer <[EMAIL PROTECTED]>
Description: 
 havp       - HTTP Anti Virus Proxy
Closes: 487598 492235 492236 496034 498338
Changes: 
 havp (0.89-1) unstable; urgency=high
 .
   Justification for urgency high: compiles with new libclamav-dev and
   therefore fixes FTBFS for Lenny,
   * New upstream release. This includes the fix for the potential DoS
     issue. Therefore, remove
     debian/patches/05_bts496034_CVE-2008-3688_fix_infinite_retry.dpatch.
     The new upstream version has another small bugfix (sending Via:
     header) but no additional changes and is therefore safe for Lenny.
     Closes: #496034: CVE-2008-3688: DoS by infinite loop
     Closes: #498338: havp depends on old clamav. This clamav version is
                      vulnerable.
   * Acknowledge NMU:
     Closes: #492235: havp: does not delete temp files
     Closes: #492236: havp: can't install if port 8080 in use
     Closes: #487598: [INTL:sv] Swedish translation of debconf templates

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjGurkACgkQq7SPDcPCS96EHgCeN2fm+CDO+KhCnLBcRvWQawW7
WbUAnixPSFetiVZcW9MQLCXKCs8YkYEv
=TYMW
-----END PGP SIGNATURE-----



--- End Message ---
