Hi Andreas,

Thanks for the note.
Yet it seems like the Packages files on volatile.debian.org and its
mirrors do not reflect availability of the new version.

Sincerely,

Etienne



Andreas Barth wrote:
> ---------------------------------------------------------------------------
> Debian Volatile Update Announcement VUA 51-1     http://volatile.debian.org
> [email protected]                               Stephen Gran
> Dec 11, 2008
> ---------------------------------------------------------------------------
> 
> Package              : clamav
> Version              : 0.94.dfsg.2-1~volatile1
> Importance           : medium
> CVE IDs              : CVE-2008-5050 CVE-2008-5314
> 
> The following security flaws were found and fixed in clamav:
> 
> CVE-2008-5050
> 
>     Off-by-one error in the get_unicode_name function
>     (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1
>     allows remote attackers to cause a denial of service (crash) or
>     possibly execute arbitrary code via a crafted VBA project file,
>     which triggers a heap-based buffer overflow.
> 
> CVE-2008-5314 
> 
>     Stack consumption vulnerability in libclamav/special.c in
>     ClamAV before 0.94.2 allows remote attackers to cause a denial
>     of service (daemon crash) via a crafted JPEG file, related
>     to the cli_check_jpeg_exploit, jpeg_check_photoshop, and
>     jpeg_check_photoshop_8bim functions.
> 
> 
> If you use clamav, we recommend you upgrade to this version.
> 
> 
> Upgrade Instructions
> --------------------
> 
> You can get the updated packages at
> 
> http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav
> 
> and install them with dpkg, or add 
> 
>  deb http://volatile.debian.org/debian-volatile etch/volatile main
>  deb-src http://volatile.debian.org/debian-volatile etch/volatile main
> 
> to your /etc/apt/sources.list. You can also use any of our mirrors.  See
> http://www.debian.org/volatile/volatile-mirrors for the full list of
> mirrors.  The archive signing keys can be downloaded from
> http://volatile.debian.org/ziyi-etch.asc and additionally was included in
> the stable point release r1 in Debian Etch.
> 
> For further information about debian-volatile, please refer to
> http://www.debian.org/volatile/.
> 
> If there are any issues, please don't hesitate to get in touch with the
> debian-volatile team.

