On 2019-08-10 09:39:22 [+0200], Hugo Lefeuvre wrote:
> Source: clamav
> Version: 0.101.2+dfsg-3
> Severity: important
> Tags: security upstream
> Forwarded: https://bugzilla.clamav.net/show_bug.cgi?id=12356
>
> Hi,
>
> clamav is affected by a DoS vulnerability caused by crafted, extremely
> compressed ZIP files.
>
> Even though this issue is marked as fixed in unstable, the current patch is
> incomplete (see upstream bug report). Upstream is actively working on a
> more advanced patch.

I am aware of the situation. I uploaded to unstable what upstream released as 0.101.3 (the latest one) and prepared an update for stable. _After_ that, the bugtracker got updated claiming that the fix is not perfect and another zip bomb was added to the bugtracker.

> regards,
> Hugo

Sebastian

