Your message dated Wed, 17 Dec 2008 21:02:51 +0000
with message-id <e1ld3xf-0006eb...@ries.debian.org>
and subject line Bug#505134: fixed in clamav 0.90.1dfsg-4etch16
has caused the Debian Bug report #505134,
regarding clamav: ClamAV get_unicode_name() off-by-one buffer overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
505134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav
Version: 0.90.1-1
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been reported for clamav. There does not seem to be a CVE id
yet.  From http://seclists.org/bugtraq/2008/Nov/0070.html: 

ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.

Vulnerable packages: 
 
All versions up to 0.94 are vulnerable. 
Version 0.94.1 fixes the problem.



--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.90.1dfsg-4etch16

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch16_all.deb
clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
clamav-docs_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
clamav-milter_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
clamav-testfiles_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch16_all.deb
clamav_0.90.1dfsg-4etch16.diff.gz
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.diff.gz
clamav_0.90.1dfsg-4etch16.dsc
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
clamav_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16_amd64.deb
libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
libclamav2_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran <sg...@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 03 Dec 2008 11:08:39 -0800
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs
Architecture: source amd64 all
Version: 0.90.1dfsg-4etch16
Distribution: stable-security
Urgency: high
Maintainer: Stephen Gran <sg...@debian.org>
Changed-By: Stephen Gran <sg...@debian.org>
Description: 
 clamav     - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav2 - virus scanner library
Closes: 505134 507624
Changes: 
 clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
 .
   * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
     (Closes: #505134)
   * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in
     cli_check_jpeg_exploit() (Closes: #507624)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkk23UYACgkQvx6dH3bVKsTRRACgsWpbojk4+KJ9RFG/bM955F4A
5mkAni4qjTCXzElXZTnyyivsKkf+rm8B
=HHZI
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
