Package: clamav
Version: 0.84-2.sarge.13
Severity: serious

Hello,

All versions prior to the 0.90 stable release are suspected to be vulnerable to a directory traversal vulnerability that allows remote attackers to overwrite files owned by the clamd scanner, such as the virus database file.

This has been assigned the name CVE-2007-0898, and has been fixed in upstream 0.90. A sarge security fix backport will probably be needed.

Ciao,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

Versions of packages clamav depends on:
ii  clamav-freshclam [cla 0.84-2.sarge.13      downloads clamav virus databases f
ii  libbz2-1.0            1.0.2-7              high-quality block-sorting file co
ii  libc6                 2.3.2.ds1-22sarge4   GNU C Library: Shared libraries an
ii  libclamav1            0.84-2.sarge.13      virus scanner library
ii  libcurl3              7.13.2-2sarge5       Multi-protocol file transfer libra
ii  libgmp3               4.1.4-6              Multiprecision arithmetic library
ii  libidn11              0.5.13-1.0           GNU libidn library, implementation
ii  libssl0.9.7           0.9.7e-3sarge4       SSL shared libraries
ii  zlib1g                1:1.2.2-4.sarge.2    compression library - runtime

-- no debconf information