On 2017-08-07 15:21:48 [+0200], Salvatore Bonaccorso wrote:
> Source: libmspack
> Version: 0.5-1
> Severity: grave
> Tags: security upstream
> the following vulnerability was published for libmspack.
> | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows
> | remote attackers to cause a denial of service (heap-based buffer
> | overflow and application crash) or possibly have unspecified other
> | impact via a crafted CHM file.
> It was fixed in ClamAV already at .
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
>  https://security-tracker.debian.org/tracker/CVE-2017-6419
Stuart, is this enough information or do you need more?