Your message dated Sat, 19 Apr 2008 13:17:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476694: fixed in clamav 0.92.1~dfsg2-1.1
has caused the Debian Bug report #476694,
regarding clamav: CVE-2008-1833 integer overflow leading to heap overflow via
crafted wwpack compressed pe binary
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
476694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476694
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: clamav
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.
CVE-2008-1833[0]:
| Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote
| attackers to execute arbitrary code via a crafted WWPack compressed PE
| binary.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833
http://security-tracker.debian.net/tracker/CVE-2008-1833
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp4NeSDpCmW2.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.92.1~dfsg2-1.1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:
clamav-base_0.92.1~dfsg2-1.1_all.deb
to pool/main/c/clamav/clamav-base_0.92.1~dfsg2-1.1_all.deb
clamav-daemon_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/clamav-daemon_0.92.1~dfsg2-1.1_amd64.deb
clamav-dbg_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/clamav-dbg_0.92.1~dfsg2-1.1_amd64.deb
clamav-docs_0.92.1~dfsg2-1.1_all.deb
to pool/main/c/clamav/clamav-docs_0.92.1~dfsg2-1.1_all.deb
clamav-freshclam_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/clamav-freshclam_0.92.1~dfsg2-1.1_amd64.deb
clamav-milter_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/clamav-milter_0.92.1~dfsg2-1.1_amd64.deb
clamav-testfiles_0.92.1~dfsg2-1.1_all.deb
to pool/main/c/clamav/clamav-testfiles_0.92.1~dfsg2-1.1_all.deb
clamav_0.92.1~dfsg2-1.1.diff.gz
to pool/main/c/clamav/clamav_0.92.1~dfsg2-1.1.diff.gz
clamav_0.92.1~dfsg2-1.1.dsc
to pool/main/c/clamav/clamav_0.92.1~dfsg2-1.1.dsc
clamav_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/clamav_0.92.1~dfsg2-1.1_amd64.deb
libclamav-dev_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/libclamav-dev_0.92.1~dfsg2-1.1_amd64.deb
libclamav3_0.92.1~dfsg2-1.1_amd64.deb
to pool/main/c/clamav/libclamav3_0.92.1~dfsg2-1.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 19 Apr 2008 12:42:18 +0200
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav3
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.92.1~dfsg2-1.1
Distribution: unstable
Urgency: high
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav3 - anti-virus utility for Unix - library
Closes: 476694
Changes:
clamav (0.92.1~dfsg2-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* This update addresses the following security issue:
- CVE-2008-1833: heap-based buffer overflow allows remote
attackers to execute arbitrary code via a crafted WWPack compressed
PE binary (Closes: #476694).
Checksums-Sha1:
ad6d0b38eeb97ec975493ed4e872d0281da4c441 1308 clamav_0.92.1~dfsg2-1.1.dsc
e9824c6dfd38f5da3dbdd4f204e3c05dbb3f3f51 161277 clamav_0.92.1~dfsg2-1.1.diff.gz
b24c7bbe2e02a57ad33f53d34094e7c51192c357 12680280
clamav-base_0.92.1~dfsg2-1.1_all.deb
40d984f6d61a30ab578f34e7d201718446297903 179826
clamav-testfiles_0.92.1~dfsg2-1.1_all.deb
c669091061677f6affae7ba274e0e52dfff53a78 1032966
clamav-docs_0.92.1~dfsg2-1.1_all.deb
45e82c0155ed6ecc14103079517b248a3adfe129 454456
libclamav3_0.92.1~dfsg2-1.1_amd64.deb
918e3a9e37f8e38cd4d6be5d8e8822f2890784bd 896042
clamav_0.92.1~dfsg2-1.1_amd64.deb
c836019e3afdbaa206ddf9a32c3c850e35663e99 200492
clamav-daemon_0.92.1~dfsg2-1.1_amd64.deb
c572ca523a489e88a549c5ed0cdcf9a6b56a7588 217726
clamav-freshclam_0.92.1~dfsg2-1.1_amd64.deb
8bf03bb5fa6b9130b8e9a64c9f084c3a751b4d38 204680
clamav-milter_0.92.1~dfsg2-1.1_amd64.deb
7aa06af1ed9a4586e82160021d4bba6ad414c5b5 473872
libclamav-dev_0.92.1~dfsg2-1.1_amd64.deb
ec79db4cfcfb8e171b40a8a6abc9b758b54e1255 713176
clamav-dbg_0.92.1~dfsg2-1.1_amd64.deb
Checksums-Sha256:
9a57654095f2d6ccd11c1b25bc248c5145f6f6645ef76b96022574541ed922ec 1308
clamav_0.92.1~dfsg2-1.1.dsc
f815acedb0effb74b4769f450c2b187c7e30f3bf7bdaf1a21561289273f0bd05 161277
clamav_0.92.1~dfsg2-1.1.diff.gz
e6f0242f3d19f3d627baa797ab037c491de3789b4ed3f33eace46b214cf88328 12680280
clamav-base_0.92.1~dfsg2-1.1_all.deb
13ab1412021e7fed518766627bc6cffedad3ffa59d766f18d2035acef2b20254 179826
clamav-testfiles_0.92.1~dfsg2-1.1_all.deb
67009bd071d45c9f1e0ab7727673227f5c57e43963528ebd5b7ba9c352f45c9a 1032966
clamav-docs_0.92.1~dfsg2-1.1_all.deb
ddfaeaf20d8c395c9240f57eaa8b4bab947209fc3dcf9e0039e8673bcecf1e2a 454456
libclamav3_0.92.1~dfsg2-1.1_amd64.deb
81a9d12b7c37d2db531cf8a14c11c161404695a4f74a87e08b4bc5a96a15ec8b 896042
clamav_0.92.1~dfsg2-1.1_amd64.deb
98db461e9ad276f4c66124ee3a6bb335055413193061ed9c2b9d814e346611ac 200492
clamav-daemon_0.92.1~dfsg2-1.1_amd64.deb
b9c2ccd71f64c19a03b11726b3d13e0123d05bf089dff499034d8513bcc349fd 217726
clamav-freshclam_0.92.1~dfsg2-1.1_amd64.deb
8e8a598841df95b433f6fe52ecc0a910c05e1bd4ac10dd165596017119ce54ec 204680
clamav-milter_0.92.1~dfsg2-1.1_amd64.deb
84f91d188adf9601652b3854d10b22430ccffab10e07709aa0bab0fb7839b340 473872
libclamav-dev_0.92.1~dfsg2-1.1_amd64.deb
67a7fa613751adaf49e1a96d95bbb41a6827d4085f2ff155fe42b773602dc65b 713176
clamav-dbg_0.92.1~dfsg2-1.1_amd64.deb
Files:
34a36d096b7670ad52b028992242d487 1308 utils optional
clamav_0.92.1~dfsg2-1.1.dsc
38a1366957796c9fe732ec4df5821e98 161277 utils optional
clamav_0.92.1~dfsg2-1.1.diff.gz
bdf606937526def34dcb634b5007058d 12680280 utils optional
clamav-base_0.92.1~dfsg2-1.1_all.deb
8dc1afedc921ba9d813deecd2483737e 179826 utils optional
clamav-testfiles_0.92.1~dfsg2-1.1_all.deb
a3ed23e3d491ae4b989c96ba015f7e2d 1032966 doc optional
clamav-docs_0.92.1~dfsg2-1.1_all.deb
fd0f59d2aedc07c2672a191c4920a887 454456 libs optional
libclamav3_0.92.1~dfsg2-1.1_amd64.deb
7553c15a2864bd7834320fb179e62b42 896042 utils optional
clamav_0.92.1~dfsg2-1.1_amd64.deb
0f621fc9ebf547bc01f64ac33995da07 200492 utils optional
clamav-daemon_0.92.1~dfsg2-1.1_amd64.deb
6cf4729697158d4c36634e5a4b96fd5f 217726 utils optional
clamav-freshclam_0.92.1~dfsg2-1.1_amd64.deb
9c485e3390c97d0ead66ca45200dab4c 204680 utils extra
clamav-milter_0.92.1~dfsg2-1.1_amd64.deb
37c262ece980c9fe5b7cd543909b6aea 473872 libdevel optional
libclamav-dev_0.92.1~dfsg2-1.1_amd64.deb
fe484d43ec24bc15294e46a02bc9281c 713176 utils extra
clamav-dbg_0.92.1~dfsg2-1.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFICeuuHYflSXNkfP8RAljtAJ9VAxRLxisbR2ReRdkU2D1+XzD5lgCgrdvq
hN4qIfaXJ8bAokMLVB/25h8=
=76kY
-----END PGP SIGNATURE-----
--- End Message ---
