* Michael Tautschnig:

> It does :-) But (as documented in the other sub-thread) this CVE does not apply
> to etch(-security), there seems no need to add additional patches at this point.
> I've thus attached the full diff between -etch15 and the proposed -etch16
> security release. The changelog now contains the CVE-Id for the
> maybe-buffer-overflow, but we're still missing any CVE-Id for the JPEG
> exploit,

It's CVE-2008-5314, in case you missed my reference in the other subthread.

> diff --git a/debian/changelog b/debian/changelog > index 3986550..67ab90d 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,12 @@ > +clamav (0.90.1dfsg-4etch16) stable-security; urgency=high > + > + * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow > + (Closes: #505134) > + * libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit() > + (Closes: #507624) > + > + -- Stephen Gran <[EMAIL PROTECTED]> Tue, 02 Dec 2008 20:36:31 -0800 > +

Looks fine, please upload.
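
Review bot: the libclamav/special.c entry in the debian/changelog hunk carries no CVE id, while the vba_extract.c entry above it is tagged [CVE-2008-5050]. The reply identifies the JPEG issue as CVE-2008-5314, so the entry could read "* [CVE-2008-5314]: libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit()", which keeps both fixes traceable from the changelog. Only the changelog hunk is quoted here, so the vba_extract.c and special.c changes themselves are not visible for review in this message.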
