On Thu, Dec 04, 2008 at 09:26:17AM +0100, Florian Weimer wrote:
> Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
> from an off-by-one-error in its VBA project file processing, leading to
> a heap-based buffer overflow and potentially arbitrary code execution
> (CVE-2008-5050).
>
> Ilja van Sprundel discovered that ClamAV contains a denial of service
> condition in its JPEG file processing because it does not limit the
> recursion depth when processing JPEG thumbnails (CVE-2008-5314).
>
> For the stable distribution (etch), these problems have been fixed in
> version 0.90.1dfsg-4etch16.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 0.94.dfsg.2-1.

This looks like quite a serious bug (remote arbitrary code execution).
Are there any plans for an update to volatile?

Thanks,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

