Debian Bug report logs - #505134
clamav: ClamAV get_unicode_name() off-by-one buffer overflow

version graph

Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 9 Nov 2008 18:57:01 UTC

Severity: grave

Tags: security

Found in version clamav/0.90.1-1

Fixed in versions clamav/0.94.dfsg.1-1~volatile1, clamav/0.94.dfsg.1-1, clamav/0.90.1dfsg-4etch16

Done: Stephen Gran <sgran@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Stephen Gran <sgran@debian.org>:
Bug#505134; Package clamav. (Sun, 09 Nov 2008 18:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Stephen Gran <sgran@debian.org>. (Sun, 09 Nov 2008 18:57:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: clamav: ClamAV get_unicode_name() off-by-one buffer overflow
Date: Sun, 09 Nov 2008 19:54:51 +0100
Package: clamav
Version: 0.90.1-1
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been reported for clamav. There does not seem to be a CVE id
yet.  From http://seclists.org/bugtraq/2008/Nov/0070.html: 

ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.

Vulnerable packages: 
 
All versions up to 0.94 are vulnerable. 
Version 0.94.1 fixes the problem.




Reply sent to Michael Tautschnig <mt@debian.org>:
You have taken responsibility. (Wed, 12 Nov 2008 02:06:20 GMT) Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Wed, 12 Nov 2008 02:06:21 GMT) Full text and rfc822 format available.

Message #10 received at 505134-close@bugs.debian.org (full text, mbox):

From: Michael Tautschnig <mt@debian.org>
To: 505134-close@bugs.debian.org
Subject: Bug#505134: fixed in clamav 0.94.dfsg.1-1~volatile1
Date: Wed, 12 Nov 2008 02:05:20 +0000 (UTC)
Source: clamav
Source-Version: 0.94.dfsg.1-1~volatile1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:

clamav-base_0.94.dfsg.1-1~volatile1_all.deb
  to pool/volatile/main/c/clamav/clamav-base_0.94.dfsg.1-1~volatile1_all.deb
clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-docs_0.94.dfsg.1-1~volatile1_all.deb
  to pool/volatile/main/c/clamav/clamav-docs_0.94.dfsg.1-1~volatile1_all.deb
clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb
  to pool/volatile/main/c/clamav/clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb
clamav_0.94.dfsg.1-1~volatile1.diff.gz
  to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1.diff.gz
clamav_0.94.dfsg.1-1~volatile1.dsc
  to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1.dsc
clamav_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1_amd64.deb
clamav_0.94.dfsg.1.orig.tar.gz
  to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1.orig.tar.gz
libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb
libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb
  to pool/volatile/main/c/clamav/libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

volatile.debian.org distribution maintenance software
pp.
Michael Tautschnig <mt@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@volatile.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 12 Nov 2008 01:57:58 +0100
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles libclamav5 clamav-daemon clamav-docs
Architecture: source amd64 all
Version: 0.94.dfsg.1-1~volatile1
Distribution: etch-volatile
Urgency: low
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Michael Tautschnig <mt@debian.org>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav5 - anti-virus utility for Unix - library
Closes: 486076 500007 500416 501298 501627 502165 505134
Changes: 
 clamav (0.94.dfsg.1-1~volatile1) etch-volatile; urgency=low
 .
   [ Stephen Gran ]
   * New upstream version (closes: #505134, #502165, #501298)
   * Handle new option SubmitDetectionStats in freshclam.conf
   * Remove RAR from the description, since we really don't handle it anymore
   * Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086)
 .
   [ Michael Meskes ]
   * Changed watch file to account for dfsg extension.
   * Do not configure temporary directory in clamd.conf anymore unless it is
     already configured there.
   * Added Basque debconf translation (closes: #500007)
 .
   [ Michael Tautschnig ]
   * Use lsb's status_of_proc function to determine the status of the process
     and return with according exit codes (closes: #486076)
   * Updated Dutch debconf translation (thanks Paul Gevers <paul@climbing.nl>)
     (closes: #501627)
   * Changed versioned dependency of clamav-daemon to clamav-base to equals
     (closes: #500416)
   * Handle new option DetectionStatsCountry in freshclam.conf
   * Don't trust the multilib guessing stuff, always use libdir=$prefix/lib
   * Removed nowadays unused lintian overrides
   * Create md5sums control file for clamav-dbg as well (thanks, lintian)
   * Added myself as uploader.
Files: 
 1d7cd6c974117a046eabba4ec4fee920 967 utils optional clamav_0.94.dfsg.1-1~volatile1.dsc
 8637ed043ce1408486dbe31a5344cfcf 21796733 utils optional clamav_0.94.dfsg.1.orig.tar.gz
 5ddabd66d6538c1c3bb159d1f7919fe4 155608 utils optional clamav_0.94.dfsg.1-1~volatile1.diff.gz
 b76abf01dab717e79633bf733aa26f57 19208178 utils optional clamav-base_0.94.dfsg.1-1~volatile1_all.deb
 e0e60749631ee413c07f4f1b2634b80a 203166 utils optional clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb
 576a890b94d5d2437699c097c7a5d136 1074046 doc optional clamav-docs_0.94.dfsg.1-1~volatile1_all.deb
 a98a213bf26b2e6a83f6b0f31b30a61a 521226 libs optional libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb
 346593d076e50ad8242e70cbe38dc259 231052 utils optional clamav_0.94.dfsg.1-1~volatile1_amd64.deb
 543f333d5931fd94cb2269fa788d38de 232956 utils optional clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb
 cc11048932d9f5b6137bd3e9ad57b36b 248892 utils optional clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb
 f09e5e91e087fd723a258bdb0614339f 228140 utils extra clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb
 f4c654a30a12536f6479a6f100cddcbe 559516 libdevel optional libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb
 b7ef731a2ec061f871e507373034f8b7 842912 utils extra clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkaOIUACgkQvx6dH3bVKsSD8ACffJ9MMO/nKwvAtr1hEujjn9Je
oN8An2lzzPch9oXsWryZmGckifsDOp/x
=tYuW
-----END PGP SIGNATURE-----





Reply sent to Michael Tautschnig <mt@debian.org>:
You have taken responsibility. (Wed, 12 Nov 2008 02:33:19 GMT) Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Wed, 12 Nov 2008 02:33:19 GMT) Full text and rfc822 format available.

Message #15 received at 505134-close@bugs.debian.org (full text, mbox):

From: Michael Tautschnig <mt@debian.org>
To: 505134-close@bugs.debian.org
Subject: Bug#505134: fixed in clamav 0.94.dfsg.1-1
Date: Wed, 12 Nov 2008 02:02:06 +0000
Source: clamav
Source-Version: 0.94.dfsg.1-1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.94.dfsg.1-1_all.deb
  to pool/main/c/clamav/clamav-base_0.94.dfsg.1-1_all.deb
clamav-daemon_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/clamav-daemon_0.94.dfsg.1-1_i386.deb
clamav-dbg_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/clamav-dbg_0.94.dfsg.1-1_i386.deb
clamav-docs_0.94.dfsg.1-1_all.deb
  to pool/main/c/clamav/clamav-docs_0.94.dfsg.1-1_all.deb
clamav-freshclam_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/clamav-freshclam_0.94.dfsg.1-1_i386.deb
clamav-milter_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/clamav-milter_0.94.dfsg.1-1_i386.deb
clamav-testfiles_0.94.dfsg.1-1_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.94.dfsg.1-1_all.deb
clamav_0.94.dfsg.1-1.diff.gz
  to pool/main/c/clamav/clamav_0.94.dfsg.1-1.diff.gz
clamav_0.94.dfsg.1-1.dsc
  to pool/main/c/clamav/clamav_0.94.dfsg.1-1.dsc
clamav_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/clamav_0.94.dfsg.1-1_i386.deb
clamav_0.94.dfsg.1.orig.tar.gz
  to pool/main/c/clamav/clamav_0.94.dfsg.1.orig.tar.gz
libclamav-dev_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/libclamav-dev_0.94.dfsg.1-1_i386.deb
libclamav5_0.94.dfsg.1-1_i386.deb
  to pool/main/c/clamav/libclamav5_0.94.dfsg.1-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tautschnig <mt@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 12 Nov 2008 01:57:58 +0100
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav5 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all i386
Version: 0.94.dfsg.1-1
Distribution: unstable
Urgency: low
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Michael Tautschnig <mt@debian.org>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav5 - anti-virus utility for Unix - library
Closes: 486076 500007 500416 501298 501627 502165 505134
Changes: 
 clamav (0.94.dfsg.1-1) unstable; urgency=low
 .
   [ Stephen Gran ]
   * New upstream version (closes: #505134, #502165, #501298)
   * Handle new option SubmitDetectionStats in freshclam.conf
   * Remove RAR from the description, since we really don't handle it anymore
   * Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086)
 .
   [ Michael Meskes ]
   * Added myself as uploader.
   * Changed watch file to account for dfsg extension.
   * Do not configure temporary directory in clamd.conf anymore unless it is
     already configured there.
   * Added Basque debconf translation (closes: #500007)
 .
   [ Michael Tautschnig ]
   * Use lsb's status_of_proc function to determine the status of the process
     and return with according exit codes (closes: #486076)
   * Updated Dutch debconf translation (thanks Paul Gevers <paul@climbing.nl>)
     (closes: #501627)
   * Changed versioned dependency of clamav-daemon to clamav-base to equals
     (closes: #500416)
   * Handle new option DetectionStatsCountry in freshclam.conf
   * Don't trust the multilib guessing stuff, always use libdir=$prefix/lib
   * Removed nowadays unused lintian overrides
   * Create md5sums control file for clamav-dbg as well (thanks, lintian)
Checksums-Sha1: 
 93da1eb62ce8fcd434a2b9a11f550a4f98cdb476 1387 clamav_0.94.dfsg.1-1.dsc
 213e5aa589bb85725764f3899ebea2d5006399aa 21796733 clamav_0.94.dfsg.1.orig.tar.gz
 4b884da631cad7f64acd9808f738276648564a68 159025 clamav_0.94.dfsg.1-1.diff.gz
 4624e8aac4fd8486302a08e9d0477e2fb9599934 19209594 clamav-base_0.94.dfsg.1-1_all.deb
 36b43ca3f6e3341374db580d29cefedeea8d85a1 205380 clamav-testfiles_0.94.dfsg.1-1_all.deb
 5c72e7b2e2c4a9a72d2d96dd8267b480dd729579 1075072 clamav-docs_0.94.dfsg.1-1_all.deb
 7b9148001050858a94b00d62595254ac7492828f 518824 libclamav5_0.94.dfsg.1-1_i386.deb
 29f1c3f51b5fd711d578276fb5517be0d807e198 229864 clamav_0.94.dfsg.1-1_i386.deb
 1137ef73fb058839e193704b81a0dbb6288f1ae7 227416 clamav-daemon_0.94.dfsg.1-1_i386.deb
 0d84d68007aedbaaa297f4495b1681de7544cd11 248876 clamav-freshclam_0.94.dfsg.1-1_i386.deb
 0c4698dab0e6170c7e1006d4224f58bb5bd68a2b 227326 clamav-milter_0.94.dfsg.1-1_i386.deb
 9b063664e20961b081bc7774838d1aca41bb8801 536276 libclamav-dev_0.94.dfsg.1-1_i386.deb
 a10bda2ef571450b4763bb0e523a7037a2a92a3c 804066 clamav-dbg_0.94.dfsg.1-1_i386.deb
Checksums-Sha256: 
 9b2e3f5d13e71c617d96fa228019934022dd4a951d037d25838b16a0f706cfba 1387 clamav_0.94.dfsg.1-1.dsc
 133186417ea9d2cfa6c0221d72b083dd0370e5b94dbbf7ed2c3a664d1a0f3752 21796733 clamav_0.94.dfsg.1.orig.tar.gz
 26f4c0dfb06387ef1082d0abb6441ca1825d83dac4b95ca32478b1025c412503 159025 clamav_0.94.dfsg.1-1.diff.gz
 b3cfeffc372ad5e3209caf81f919b506fbea22eeba8864e2027e2f7ec2244d14 19209594 clamav-base_0.94.dfsg.1-1_all.deb
 3ff649a0d7af53fdfbf6d90352c13380e77295ddc3c340f23096d866d1b0a737 205380 clamav-testfiles_0.94.dfsg.1-1_all.deb
 bf191718da1ba5b50c75e0775c31c1d308df46f5bf44e85299765950e62c394b 1075072 clamav-docs_0.94.dfsg.1-1_all.deb
 4669d8ffd67cfd78849da206c36049d5fd757e58be8fc176eaf9cd526886fcf3 518824 libclamav5_0.94.dfsg.1-1_i386.deb
 d02d12cfd5c2208e32294e53b53e494e69c6fbfb337cb25b054e40ab3e0e2fa1 229864 clamav_0.94.dfsg.1-1_i386.deb
 7862106b4760745712b37ba116a10380420c2b65a8e11288e9975709b248e9ea 227416 clamav-daemon_0.94.dfsg.1-1_i386.deb
 874aee2d5e2c1768a02672ee7802602a7481bdbd8701de1b991c7533bc0744a8 248876 clamav-freshclam_0.94.dfsg.1-1_i386.deb
 ae7e91fd707b9a3ccc4f5b5f422eca20964a7f9b38651945167c80720bb77935 227326 clamav-milter_0.94.dfsg.1-1_i386.deb
 ff40263b509f7581abf7e7a457a8e6d983137b1401c0a6ad16fc3c1a67b76e15 536276 libclamav-dev_0.94.dfsg.1-1_i386.deb
 00c3a2537820ffbc6a5c865712c32d71625783111a5c18754208e3379bcdcc52 804066 clamav-dbg_0.94.dfsg.1-1_i386.deb
Files: 
 eea85e1b567764495e07bf4dcda60381 1387 utils optional clamav_0.94.dfsg.1-1.dsc
 8637ed043ce1408486dbe31a5344cfcf 21796733 utils optional clamav_0.94.dfsg.1.orig.tar.gz
 f23c91cbd988920e37d05807fcef8372 159025 utils optional clamav_0.94.dfsg.1-1.diff.gz
 ed7d66ae2263838001592f907ee60af1 19209594 utils optional clamav-base_0.94.dfsg.1-1_all.deb
 e9742644fdfe6d07bf0d9e97d82788c4 205380 utils optional clamav-testfiles_0.94.dfsg.1-1_all.deb
 7683397be27fbad981f11f5cd87c0590 1075072 doc optional clamav-docs_0.94.dfsg.1-1_all.deb
 392d1592801b2a6bbe6265333998d144 518824 libs optional libclamav5_0.94.dfsg.1-1_i386.deb
 b17741a00b0fd771c9560566f30e77e3 229864 utils optional clamav_0.94.dfsg.1-1_i386.deb
 0d9fcafc306b577e2071c0a430027381 227416 utils optional clamav-daemon_0.94.dfsg.1-1_i386.deb
 76f63c7c89cf2bba9995cdc700d6a224 248876 utils optional clamav-freshclam_0.94.dfsg.1-1_i386.deb
 077bf8e1b08f47ec3411a7fa494e5b8d 227326 utils extra clamav-milter_0.94.dfsg.1-1_i386.deb
 5d6f639006b8595ac953fd0f1293c3ed 536276 libdevel optional libclamav-dev_0.94.dfsg.1-1_i386.deb
 bf4f8346b1bcb6b31376910234ea87a5 804066 utils extra clamav-dbg_0.94.dfsg.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkaNeAACgkQvx6dH3bVKsQbqgCglQg7+UX+HU9eIHZpS/GJprK+
m9EAoKxDcfwvulXPw6D9jTS7ordKgVBf
=IBP8
-----END PGP SIGNATURE-----





Reply sent to Stephen Gran <sgran@debian.org>:
You have taken responsibility. (Fri, 05 Dec 2008 20:00:15 GMT) Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Fri, 05 Dec 2008 20:00:15 GMT) Full text and rfc822 format available.

Message #20 received at 505134-close@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: 505134-close@bugs.debian.org
Subject: Bug#505134: fixed in clamav 0.90.1dfsg-4etch16
Date: Fri, 05 Dec 2008 19:52:40 +0000
Source: clamav
Source-Version: 0.90.1dfsg-4etch16

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch16_all.deb
clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
clamav-docs_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
clamav-milter_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
clamav-testfiles_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch16_all.deb
clamav_0.90.1dfsg-4etch16.diff.gz
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.diff.gz
clamav_0.90.1dfsg-4etch16.dsc
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
clamav_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16_amd64.deb
libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
libclamav2_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran <sgran@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 03 Dec 2008 11:08:39 -0800
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs
Architecture: source amd64 all
Version: 0.90.1dfsg-4etch16
Distribution: stable-security
Urgency: high
Maintainer: Stephen Gran <sgran@debian.org>
Changed-By: Stephen Gran <sgran@debian.org>
Description: 
 clamav     - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav2 - virus scanner library
Closes: 505134 507624
Changes: 
 clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
 .
   * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
     (Closes: #505134)
   * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in
     cli_check_jpeg_exploit() (Closes: #507624)
Files: 
 ebc60299a69aab41dfdb77e667e2857c 908 utils optional clamav_0.90.1dfsg-4etch16.dsc
 5ae1da1b6351a13b5c385919960ca9b7 216130 utils optional clamav_0.90.1dfsg-4etch16.diff.gz
 63e3898029276baf914fafa347747996 201408 utils optional clamav-base_0.90.1dfsg-4etch16_all.deb
 189a55ca25bdf9e03a0ae3b9f4a565e9 158564 utils optional clamav-testfiles_0.90.1dfsg-4etch16_all.deb
 5d316f2ea821b441971b0e05e58e481d 1003722 utils optional clamav-docs_0.90.1dfsg-4etch16_all.deb
 6207bf783731c636eaa192d696466a88 341684 libs optional libclamav2_0.90.1dfsg-4etch16_amd64.deb
 bc8b467814eb5b76b6a165ee7abbbb7d 856672 utils optional clamav_0.90.1dfsg-4etch16_amd64.deb
 99ba1e041488e76a7d6e457ed51536f0 179200 utils optional clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
 cd9f623cfb4f23d1777cf21e830d74b2 9302094 utils optional clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
 c2aa51b550584931f3f1b7b1f6df6508 177968 utils extra clamav-milter_0.90.1dfsg-4etch16_amd64.deb
 e0db968192096ac9215ab676b5750c7d 355706 libdevel optional libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
 5e87c000b193a1d25e03580496b91fc2 594608 utils extra clamav-dbg_0.90.1dfsg-4etch16_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkk23UYACgkQvx6dH3bVKsTRRACgsWpbojk4+KJ9RFG/bM955F4A
5mkAni4qjTCXzElXZTnyyivsKkf+rm8B
=HHZI
-----END PGP SIGNATURE-----





Reply sent to Stephen Gran <sgran@debian.org>:
You have taken responsibility. (Wed, 17 Dec 2008 21:19:09 GMT) Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Wed, 17 Dec 2008 21:19:33 GMT) Full text and rfc822 format available.

Message #25 received at 505134-close@bugs.debian.org (full text, mbox):

From: Stephen Gran <sgran@debian.org>
To: 505134-close@bugs.debian.org
Subject: Bug#505134: fixed in clamav 0.90.1dfsg-4etch16
Date: Wed, 17 Dec 2008 21:02:51 +0000
Source: clamav
Source-Version: 0.90.1dfsg-4etch16

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch16_all.deb
clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
clamav-docs_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
clamav-milter_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
clamav-testfiles_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch16_all.deb
clamav_0.90.1dfsg-4etch16.diff.gz
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.diff.gz
clamav_0.90.1dfsg-4etch16.dsc
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
clamav_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16_amd64.deb
libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
libclamav2_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran <sgran@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 03 Dec 2008 11:08:39 -0800
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs
Architecture: source amd64 all
Version: 0.90.1dfsg-4etch16
Distribution: stable-security
Urgency: high
Maintainer: Stephen Gran <sgran@debian.org>
Changed-By: Stephen Gran <sgran@debian.org>
Description: 
 clamav     - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav2 - virus scanner library
Closes: 505134 507624
Changes: 
 clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
 .
   * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
     (Closes: #505134)
   * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in
     cli_check_jpeg_exploit() (Closes: #507624)
Files: 
 ebc60299a69aab41dfdb77e667e2857c 908 utils optional clamav_0.90.1dfsg-4etch16.dsc
 5ae1da1b6351a13b5c385919960ca9b7 216130 utils optional clamav_0.90.1dfsg-4etch16.diff.gz
 63e3898029276baf914fafa347747996 201408 utils optional clamav-base_0.90.1dfsg-4etch16_all.deb
 189a55ca25bdf9e03a0ae3b9f4a565e9 158564 utils optional clamav-testfiles_0.90.1dfsg-4etch16_all.deb
 5d316f2ea821b441971b0e05e58e481d 1003722 utils optional clamav-docs_0.90.1dfsg-4etch16_all.deb
 6207bf783731c636eaa192d696466a88 341684 libs optional libclamav2_0.90.1dfsg-4etch16_amd64.deb
 bc8b467814eb5b76b6a165ee7abbbb7d 856672 utils optional clamav_0.90.1dfsg-4etch16_amd64.deb
 99ba1e041488e76a7d6e457ed51536f0 179200 utils optional clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
 cd9f623cfb4f23d1777cf21e830d74b2 9302094 utils optional clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
 c2aa51b550584931f3f1b7b1f6df6508 177968 utils extra clamav-milter_0.90.1dfsg-4etch16_amd64.deb
 e0db968192096ac9215ab676b5750c7d 355706 libdevel optional libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
 5e87c000b193a1d25e03580496b91fc2 594608 utils extra clamav-dbg_0.90.1dfsg-4etch16_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkk23UYACgkQvx6dH3bVKsTRRACgsWpbojk4+KJ9RFG/bM955F4A
5mkAni4qjTCXzElXZTnyyivsKkf+rm8B
=HHZI
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Jan 2009 07:27:55 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 22:05:03 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.