Debian Bug report logs - #778406
clamav: CVE-2015-2305: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav.

Reported by: Luciano Bello <luciano@debian.org>

Date: Sat, 14 Feb 2015 15:06:02 UTC

Severity: important

Tags: fixed-upstream, patch, security

Fixed in versions clamav/0.98.7+dfsg-1, clamav/0.98.7+dfsg-0+deb8u1, clamav/0.98.7+dfsg-0+deb7u1, clamav/0.98.7+dfsg-0+deb6u1

Done: Scott Kitterman <scott@kitterman.com>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.clamav.net/show_bug.cgi?id=11264



Report forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#778406; Package clamav. (Sat, 14 Feb 2015 15:06:07 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Sat, 14 Feb 2015 15:06:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Date: Sat, 14 Feb 2015 15:37:44 +0100
Package: clamav
Severity: important
Tags: security patch

The security team received a report from the CERT Coordination Center that the
Henry Spencer regular expressions (regex) library contains a heap overflow
vulnerability. It looks like this package includes the affected code and that's
the reason for this bug report.

The patch is available here:
http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c

Please, can you confirm if the binary packages are affected? Are stable and 
testing affected?

More information, here:
http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/

A CVE id has been requested already and the report will be updated with it 
eventually.

Cheers, luciano



Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#778406; Package clamav. (Sat, 14 Feb 2015 21:30:05 GMT)


Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Sat, 14 Feb 2015 21:30:05 GMT)


Message #10 received at 778406@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Luciano Bello <luciano@debian.org>, 778406@bugs.debian.org
Subject: Re: Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Date: Sat, 14 Feb 2015 22:28:09 +0100

On Sat, Feb 14, 2015 at 03:37:44PM +0100, Luciano Bello wrote:
> Please, can you confirm if the binary packages are affected?

Yes, the code could be patched. In order to exploit it (or crash it) the
attacker should have full control over the pattern. Now let's see
- clamav-milter: the admin specifies whitelists, no remote
- phishcheck.c: static, no remote
- readdb.c: reads virus databases. .zmd, .rmd, .cdb databases can feed part of
  the file into the function in question. .wdb, .pdb as well (phishing db).
- sigtool.c: for manually creating signatures
- command line arguments :)

> Are stable and 
> testing affected?

They are affected in terms that the patch can be applied. The only way this
could be triggered by a non-admin is via a database update (according to my
code grepping the last few minutes). And this means an entry (within the
database) has to contain a regex-pattern and it should be at least 682 MiB
in size. The public / default databases are edited by the clamav team so I
doubt someone can sneak this in there.

All in all I would say not very applicable and no need for immediate action.
If you or anyone else feels different please let me know. I prepared this
patch [0]. It is the one you pointed out applied on the clamav tree with
minor changes to get it applied.

I will however forward this report to clamav upstream including the patch since
it is probably best to include it in future anyway.

[0] https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=a2344cea2a22089ff0bac16c16e060ebb06425b0

> Cheers, luciano

Sebastian
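
Added illustration, not part of the message above or of the patch it links: the 682 MiB figure falls out of 32-bit size arithmetic when the pattern buffer is sized. The sizing formula (len/2*3 + 1 elements), the 4-byte element width and the form of the maxlen guard are assumptions modeled on the library's regcomp.c; only the name maxlen appears in this thread.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* size_t of a 32-bit build, emulated so the wrap is reproducible on any host. */
typedef uint32_t size32_t;

/* Assumption: one strip element is 4 bytes wide on the 32-bit target. */
#define ELEM_SIZE 4u

/* Exact byte count wanted for a pattern of len bytes (assumed sizing:
 * len/2*3 + 1 elements), computed in 64 bits so it cannot wrap. */
static uint64_t alloc_bytes_exact(size32_t len)
{
    return ((uint64_t)(len / 2u) * 3u + 1u) * ELEM_SIZE;
}

/* The same computation in 32-bit arithmetic, as an unguarded 32-bit
 * build performs it: the result is reduced modulo 2^32. */
static size32_t alloc_bytes_unchecked(size32_t len)
{
    size32_t elems = (size32_t)(len / 2u * 3u + 1u);
    return (size32_t)(elems * ELEM_SIZE);
}

/* Length limit in the style of the fix (assumed form): keep the byte
 * count below 2^31 so it can neither wrap nor become negative if it is
 * ever converted to a signed type. */
static size32_t guard_maxlen(void)
{
    return (size32_t)(((size32_t)-1 >> 1) / ELEM_SIZE * 2u / 3u);
}

/* Guarded sizing: returns 0 when the pattern is rejected (the real code
 * would fail the compile with an out-of-space error), else the byte count. */
static size32_t alloc_bytes_checked(size32_t len)
{
    if (len >= guard_maxlen())
        return 0;
    return alloc_bytes_unchecked(len);
}

/* Smallest pattern length whose exact byte count no longer fits in
 * 32 bits. alloc_bytes_exact() never decreases, so binary search works. */
static size32_t first_wrapping_len(void)
{
    size32_t lo = 0, hi = UINT32_MAX;   /* hi is known to wrap */
    while (lo < hi) {
        size32_t mid = lo + (hi - lo) / 2u;
        if (alloc_bytes_exact(mid) > UINT32_MAX)
            hi = mid;
        else
            lo = mid + 1u;
    }
    return lo;
}

int main(void)
{
    size32_t len = first_wrapping_len();

    printf("first wrapping length: %" PRIu32 " bytes (%" PRIu32 " MiB)\n",
           len, len >> 20);
    printf("exact request        : %" PRIu64 " bytes\n", alloc_bytes_exact(len));
    printf("32-bit request       : %" PRIu32 " bytes\n", alloc_bytes_unchecked(len));
    printf("two bytes longer     : %" PRIu32 " bytes requested\n",
           alloc_bytes_unchecked(len + 2u));
    printf("guard rejects from   : %" PRIu32 " bytes (%" PRIu32 " MiB)\n",
           guard_maxlen(), guard_maxlen() >> 20);
    printf("guarded, 1000 bytes  : %" PRIu32 " bytes\n", alloc_bytes_checked(1000u));
    return 0;
}
```

A 64-bit build does not wrap at these lengths, which is why the size type is emulated with uint32_t here.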



Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#778406; Package clamav. (Sun, 15 Feb 2015 22:45:15 GMT)


Acknowledgement sent to Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Sun, 15 Feb 2015 22:45:15 GMT)


Message #15 received at 778406@bugs.debian.org:

From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Cc: 778406@bugs.debian.org, Luciano Bello <luciano@debian.org>
Subject: Re: Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Date: Sun, 15 Feb 2015 23:43:46 +0100

Hi Sebastian,

On 14.02.2015 22:28, Sebastian Andrzej Siewior wrote:
> All in all I would say not very applicable and no need for immediate action.
> If you or anyone else feels different please let me know. I prepared this
> patch [0]. It is the one you pointed out applied on the clamav tree with
> minor changes to get it applied.
>
> I will however forward this report to clamav upstream including the patch since
> it is probably best to include it in future anyway.

I think a fix for wheezy can wait for the next upstream release.

> [0] https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=a2344cea2a22089ff0bac16c16e060ebb06425b0

This patch misses the declaration of the maxlen variable.

Best regards,
Andreas



Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#778406; Package clamav. (Mon, 16 Feb 2015 12:33:05 GMT)


Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Mon, 16 Feb 2015 12:33:05 GMT)


Message #20 received at 778406@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Cc: 778406@bugs.debian.org, Luciano Bello <luciano@debian.org>
Subject: Re: Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Date: Mon, 16 Feb 2015 13:30:36 +0100

forwarded 778406 https://bugzilla.clamav.net/show_bug.cgi?id=11264
thanks

On Sun, Feb 15, 2015 at 11:43:46PM +0100, Andreas Cadhalpun wrote:
> Hi Sebastian,
Hi Andreas,

> I think a fix for wheezy can wait for the next upstream release.

Good. I will wait what upstream says. Maybe they drop usage of the library
since they check for PCRE since two releases or so.
 
> >[0] https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=a2344cea2a22089ff0bac16c16e060ebb06425b0
> 
> This patch misses the declaration of the maxlen variable.

Thanks. I also provided the wrong one upstrea… Fixed now.

> Best regards,
> Andreas

Sebastian



Set Bug forwarded-to-address to 'https://bugzilla.clamav.net/show_bug.cgi?id=11264'. Request was from Sebastian Andrzej Siewior <sebastian@breakpoint.cc> to control@bugs.debian.org. (Mon, 16 Feb 2015 12:33:08 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>:
Bug#778406; Package clamav. (Mon, 16 Feb 2015 19:00:05 GMT)


Acknowledgement sent to Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>:
Extra info received and forwarded to list. Copy sent to ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>. (Mon, 16 Feb 2015 19:00:05 GMT)


Message #27 received at 778406@bugs.debian.org:

From: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Cc: 778406@bugs.debian.org, Luciano Bello <luciano@debian.org>
Subject: Re: Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Date: Mon, 16 Feb 2015 19:57:59 +0100

Control: tags -1 fixed-upstream

Hi,

On 16.02.2015 13:30, Sebastian Andrzej Siewior wrote:
> Good. I will wait what upstream says. Maybe they drop usage of the library
> since they check for PCRE since two releases or so.

The patch got applied upstream so this bug will be fixed with the next 
upstream version 0.98.7.

Best regards,
Andreas



Added tag(s) fixed-upstream. Request was from Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> to 778406-submit@bugs.debian.org. (Mon, 16 Feb 2015 19:00:05 GMT)


Changed Bug title to 'clamav: CVE-2015-2305: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability' from 'Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 16 Mar 2015 11:57:15 GMT)


Reply sent to Scott Kitterman <scott@kitterman.com>:
You have taken responsibility. (Sat, 02 May 2015 05:39:05 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sat, 02 May 2015 05:39:05 GMT)


Message #36 received at 778406-close@bugs.debian.org:

From: Scott Kitterman <scott@kitterman.com>
To: 778406-close@bugs.debian.org
Subject: Bug#778406: fixed in clamav 0.98.7+dfsg-1
Date: Sat, 02 May 2015 05:34:31 +0000
Source: clamav
Source-Version: 0.98.7+dfsg-1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 May 2015 22:45:55 -0400
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamdscan clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.98.7+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Description:
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 clamdscan  - anti-virus utility for Unix - scanner client
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Closes: 778406 783720
Changes:
 clamav (0.98.7+dfsg-1) unstable; urgency=high
 .
   [ Andreas Cadhalpun ]
   * Use SocketUser, SocketGroup and RemoveOnStop systemd socket options
     instead of using ExecStartPost and ExecStopPost for that.
   * Respect clamav-daemon's LocalSocket* options with the systemd unit by
     extending the clamav-daemon.socket file appropriately, when running
     dpkg-reconfigure clamav-daemon. (Closes: #783720)
   * Disable this extendend configuration, when handling the configuration
     file with debconf is disabled.
   * Disable clamav-daemon.socket in prerm script.
 .
   [ Sebastian Andrzej Siewior ]
   * Import new upstream:
     - Improvements to PDF processing: decryption, escape sequence
       handling, and file property collection.
     - Scanning/analysis of additional Microsoft Office 2003 XML format.
     - Fix infinite loop condition on crafted y0da cryptor file. Identified
       and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
     - Fix crash on crafted petite packed file. Reported and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
     - Fix false negatives on files within iso9660 containers. This issue
       was reported by Minzhuan Gong.
     - Fix a couple crashes on crafted upack packed file. Identified and
       patches supplied by Sebastian Andrzej Siewior.
     - Fix a crash during algorithmic detection on crafted PE file.
       Identified and patch supplied by Sebastian Andrzej Siewior.
     - Fix an infinite loop condition on a crafted "xz" archive file.
       This was reported by Dimitri Kirchner and Goulven Guiheux.
       CVE-2015-2668.
     - Fix compilation error after ./configure --disable-pthreads.
       Reported and fix suggested by John E. Krokes.
     - Apply upstream patch for possible heap overflow in Henry Spencer's
       regex library. CVE-2015-2305 (Closes: #778406).
     - Fix crash in upx decoder with crafted file. Discovered and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
     - Fix segfault scanning certain HTML files. Reported with sample by
       Kai Risku.
     - Improve detections within xar/pkg files.
   * update GPG key used to verify releases to get uscan/get_orig.sh working
     again.
   * update symbol version for cl_retflevel due to CL_FLEVEL change.




Reply sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
You have taken responsibility. (Sun, 03 May 2015 18:03:13 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sun, 03 May 2015 18:03:13 GMT)


Message #41 received at 778406-close@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: 778406-close@bugs.debian.org
Subject: Bug#778406: fixed in clamav 0.98.7+dfsg-0+deb8u1
Date: Sun, 03 May 2015 18:02:05 +0000
Source: clamav
Source-Version: 0.98.7+dfsg-0+deb8u1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 02 May 2015 23:27:36 +0200
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamdscan clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.98.7+dfsg-0+deb8u1
Distribution: stable
Urgency: high
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description:
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 clamdscan  - anti-virus utility for Unix - scanner client
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Closes: 778406 778445 779758 781088 783720
Changes:
 clamav (0.98.7+dfsg-0+deb8u1) stable; urgency=high
 .
   [ Andreas Cadhalpun ]
   * Fix variable name mismatch in clamav-milter.postinst in order to
     make preseeding work correctly. (Closes: #778445)
   * Rename DEBCONFILE to DEBCONFFILE in clamav-freshclam.postinst making it
     consistent with the other postinst scripts.
   * Build against libsystemd-dev. (Closes: #779758)
   * Drop 'XS-Testsuite: autopkgtest' from debian/control.
     Debhelper automatically adds the Testsuite field.
     This fixes the lintian warning xs-testsuite-header-in-debian-control.
   * Shorten debian/copyright. This fixes some lintian warnings:
      - dep5-copyright-license-name-not-unique
      - wildcard-matches-nothing-in-dep5-copyright
      - unused-file-paragraph-in-dep5-copyright
   * Use pathfind to avoid hardcoding paths.
     This fixes command-with-path-in-maintainer-script lintian warnings.
   * Fix syntax errors in clamav-freshclam.postinst. Thanks piuparts!
   * Fix cleanup on purge in clamav-base.postrm.
   * Use SocketUser, SocketGroup and RemoveOnStop systemd socket options
     instead of using ExecStartPost and ExecStopPost for that.
   * Respect clamav-daemon's LocalSocket* options with the systemd unit by
     extending the clamav-daemon.socket file appropriately, when running
     dpkg-reconfigure clamav-daemon. (Closes: #783720)
   * Disable this extendend configuration, when handling the configuration
     file with debconf is disabled.
   * Disable clamav-daemon.socket in prerm script.
 .
   [ Sebastian Andrzej Siewior ]
   * Replace ” with " in debian/common_functions (Closes: #781088)
   * Drop __DATE__ from tfm to make the package build reproducible with
     -Werror=date-time. With this change faketime is no longer required.
   * Import new upstream:
     - Improvements to PDF processing: decryption, escape sequence
       handling, and file property collection.
     - Scanning/analysis of additional Microsoft Office 2003 XML format.
     - Fix infinite loop condition on crafted y0da cryptor file. Identified
       and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
     - Fix crash on crafted petite packed file. Reported and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
     - Fix false negatives on files within iso9660 containers. This issue
       was reported by Minzhuan Gong.
     - Fix a couple crashes on crafted upack packed file. Identified and
       patches supplied by Sebastian Andrzej Siewior.
     - Fix a crash during algorithmic detection on crafted PE file.
       Identified and patch supplied by Sebastian Andrzej Siewior.
     - Fix an infinite loop condition on a crafted "xz" archive file.
       This was reported by Dimitri Kirchner and Goulven Guiheux.
       CVE-2015-2668.
     - Fix compilation error after ./configure --disable-pthreads.
       Reported and fix suggested by John E. Krokes.
     - Apply upstream patch for possible heap overflow in Henry Spencer's
       regex library. CVE-2015-2305 (Closes: #778406).
     - Fix crash in upx decoder with crafted file. Discovered and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
     - Fix segfault scanning certain HTML files. Reported with sample by
       Kai Risku.
     - Improve detections within xar/pkg files.
   * update GPG key used to verify releases to get uscan/get_orig.sh working
     again.
   * update symbol version for cl_retflevel due to CL_FLEVEL change.




Reply sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
You have taken responsibility. (Mon, 04 May 2015 10:06:09 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Mon, 04 May 2015 10:06:09 GMT)


Message #46 received at 778406-close@bugs.debian.org:

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: 778406-close@bugs.debian.org
Subject: Bug#778406: fixed in clamav 0.98.7+dfsg-0+deb7u1
Date: Mon, 04 May 2015 10:02:41 +0000
Source: clamav
Source-Version: 0.98.7+dfsg-0+deb7u1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 May 2015 22:35:37 +0200
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all
Version: 0.98.7+dfsg-0+deb7u1
Distribution: oldstable
Urgency: high
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Closes: 778406 778445 781088
Changes: 
 clamav (0.98.7+dfsg-0+deb7u1) oldstable; urgency=high
 .
   [ Andreas Cadhalpun ]
   * Fix variable name mismatch in clamav-milter.postinst in order to
     make preseeding work correctly. (Closes: #778445)
   * Drop 'XS-Testsuite: autopkgtest' from debian/control.
     Debhelper automatically adds the Testsuite field.
     This fixes the lintian warning xs-testsuite-header-in-debian-control.
   * Fix cleanup on purge in clamav-base.postrm.
 .
   [ Sebastian Andrzej Siewior ]
   * Replace ” with " in debian/common_functions (Closes: #781088)
   * Import new upstream:
     - Improvements to PDF processing: decryption, escape sequence
       handling, and file property collection.
     - Scanning/analysis of additional Microsoft Office 2003 XML format.
     - Fix infinite loop condition on crafted y0da cryptor file. Identified
       and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
     - Fix crash on crafted petite packed file. Reported and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
     - Fix false negatives on files within iso9660 containers. This issue
       was reported by Minzhuan Gong.
     - Fix a couple crashes on crafted upack packed file. Identified and
       patches supplied by Sebastian Andrzej Siewior.
     - Fix a crash during algorithmic detection on crafted PE file.
       Identified and patch supplied by Sebastian Andrzej Siewior.
     - Fix an infinite loop condition on a crafted "xz" archive file.
       This was reported by Dimitri Kirchner and Goulven Guiheux.
       CVE-2015-2668.
     - Fix compilation error after ./configure --disable-pthreads.
       Reported and fix suggested by John E. Krokes.
     - Apply upstream patch for possible heap overflow in Henry Spencer's
       regex library. CVE-2015-2305 (Closes: #778406).
     - Fix crash in upx decoder with crafted file. Discovered and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
     - Fix segfault scanning certain HTML files. Reported with sample by
       Kai Risku.
     - Improve detections within xar/pkg files.
   * update GPG key used to verify releases to get uscan/get_orig.sh working
     again.
   * update symbol version for cl_retflevel due to CL_FLEVEL change.





Reply sent to Scott Kitterman <scott@kitterman.com>:
You have taken responsibility. (Fri, 29 May 2015 04:21:04 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Fri, 29 May 2015 04:21:05 GMT)


Message #51 received at 778406-close@bugs.debian.org:

From: Scott Kitterman <scott@kitterman.com>
To: 778406-close@bugs.debian.org
Subject: Bug#778406: fixed in clamav 0.98.7+dfsg-0+deb6u1
Date: Fri, 29 May 2015 04:19:47 +0000
Source: clamav
Source-Version: 0.98.7+dfsg-0+deb6u1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 778406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 27 May 2015 16:15:03 -0400
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.98.7+dfsg-0+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Closes: 778406 778445 781088
Changes: 
 clamav (0.98.7+dfsg-0+deb6u1) squeeze-lts; urgency=high
 .
   [ Andreas Cadhalpun ]
   * Fix variable name mismatch in clamav-milter.postinst in order to
     make preseeding work correctly. (Closes: #778445)
   * Drop 'XS-Testsuite: autopkgtest' from debian/control.
     Debhelper automatically adds the Testsuite field.
     This fixes the lintian warning xs-testsuite-header-in-debian-control.
   * Fix cleanup on purge in clamav-base.postrm.
 .
   [ Sebastian Andrzej Siewior ]
   * Replace ” with " in debian/common_functions (Closes: #781088)
   * Import new upstream:
     - Improvements to PDF processing: decryption, escape sequence
       handling, and file property collection.
     - Scanning/analysis of additional Microsoft Office 2003 XML format.
     - Fix infinite loop condition on crafted y0da cryptor file. Identified
       and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
     - Fix crash on crafted petite packed file. Reported and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
     - Fix false negatives on files within iso9660 containers. This issue
       was reported by Minzhuan Gong.
     - Fix a couple crashes on crafted upack packed file. Identified and
       patches supplied by Sebastian Andrzej Siewior.
     - Fix a crash during algorithmic detection on crafted PE file.
       Identified and patch supplied by Sebastian Andrzej Siewior.
     - Fix an infinite loop condition on a crafted "xz" archive file.
       This was reported by Dimitri Kirchner and Goulven Guiheux.
       CVE-2015-2668.
     - Fix compilation error after ./configure --disable-pthreads.
       Reported and fix suggested by John E. Krokes.
     - Apply upstream patch for possible heap overflow in Henry Spencer's
       regex library. CVE-2015-2305 (Closes: #778406).
     - Fix crash in upx decoder with crafted file. Discovered and patch
       supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
     - Fix segfault scanning certain HTML files. Reported with sample by
       Kai Risku.
     - Improve detections within xar/pkg files.
   * update GPG key used to verify releases to get uscan/get_orig.sh working
     again.
   * update symbol version for cl_retflevel due to CL_FLEVEL change.
 .
   [ Scott Kitterman ]
   * Drop minimum debhelper version to 8 for squeeze and drop indep specific
     override of dh_installdocs
   * Manually patch in results of autoreconf since dh_autoreconf is too
     old and package FTBFS otherwise
   * Drop procps requirement and dpkg minimum version requirement since squeeze
     versions are too old and revert init script changes for freshclam, daemon,
     and milter to use the squeeze versions of the init scripts (also restore
     required functions to debian/common_functions)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 26 Jun 2015 07:25:21 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 2 03:46:01 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.