Your message dated Mon, 26 Apr 2010 01:22:48 +0100
with message-id <[email protected]>
and subject line Re: Bug#535881: clamav: recent vulnerabilities
has caused the Debian Bug report #535881,
regarding clamav: recent vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
535881: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535881
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: clamav
version: 0.90.1dfsg-4etch16
severity: important
tags: security
hello,
clamav is vulnerable to several scanner bypass vulnerabilities [1].
note that the upstream version also appears to address some other
security-related issues as well:
* libclamav: detect and handle archives hidden inside other files (eg.
images), which can be unpacked by WinZip, WinRAR and other tools
(bb#1554) Reported by ROGER Mickael and Thierry Zoller
* libclamav/mspack.c, cab.c: don't rely on file sizes stored in CAB
headers (bb#1562) Reported by Thierry Zoller <Thierry*Zoller.lu>
* libclamunrar/unrarvm.c: fix handling of some broken rar files
* libclamav/mbox.c: handle malformed emails with embedded \0s
(bb#1573)
* libclamav/readdb.c: add offset checks (bb#1615)
[1] http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
--- End Message ---
--- Begin Message ---
This one time, at band camp, Michael S. Gilbert said:
> hello,
>
> clamav is vulnerable to several scanner bypass vulnerabilities [1].
> note that the upstream version also appears to address some other
> security-related issues as well:
Hi there,
The security team has indicated that security support is dropped for
clamav. The packages in volatile are not vulnerable to these issues,
so I'm closing the bug.
Thanks for the report,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : [email protected] |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel