Package: clamav Version: 0.90.1-1 Severity: grave Tags: security Justification: user security hole
A vulnerability has been reported for clamav. There does not seem to be a CVE id yet. From http://seclists.org/bugtraq/2008/Nov/0070.html: ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment. Vulnerable packages: All versions up to 0.94 are vulnerable. Version 0.94.1 fixes the problem. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
