package: clamav severity: grave tags: security hi,
ubuntu recently patched a problem in clamav [1]. the description is: It was discovered that ClamAV did not properly verify its input when processing TAR archives. A remote attacker could send a specially crafted TAR file and cause a denial of service via infinite loop. It was discovered that ClamAV did not properly validate Portable Executable (PE) files. A remote attacker could send a crafted PE file and cause a denial of service (divide by zero). i'm not sure if this is CVE-2009-1241 or if it a new issue. [1] http://www.ubuntu.com/usn/usn-754-1 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
