Your message dated Wed, 12 Nov 2008 02:05:20 +0000 (UTC)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505134: fixed in clamav 0.94.dfsg.1-1~volatile1
has caused the Debian Bug report #505134,
regarding clamav: ClamAV get_unicode_name() off-by-one buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
505134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505134
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: clamav
Version: 0.90.1-1
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been reported for clamav. There does not seem to be a CVE id
yet. From http://seclists.org/bugtraq/2008/Nov/0070.html:

ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.

Vulnerable packages:
All versions up to 0.94 are vulnerable.
Version 0.94.1 fixes the problem.
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.94.dfsg.1-1~volatile1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:
clamav-base_0.94.dfsg.1-1~volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-base_0.94.dfsg.1-1~volatile1_all.deb
clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/clamav-daemon_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/clamav-dbg_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-docs_0.94.dfsg.1-1~volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-docs_0.94.dfsg.1-1~volatile1_all.deb
clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/clamav-freshclam_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/clamav-milter_0.94.dfsg.1-1~volatile1_amd64.deb
clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-testfiles_0.94.dfsg.1-1~volatile1_all.deb
clamav_0.94.dfsg.1-1~volatile1.diff.gz
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1.diff.gz
clamav_0.94.dfsg.1-1~volatile1.dsc
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1.dsc
clamav_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1-1~volatile1_amd64.deb
clamav_0.94.dfsg.1.orig.tar.gz
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.1.orig.tar.gz
libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/libclamav-dev_0.94.dfsg.1-1~volatile1_amd64.deb
libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb
to pool/volatile/main/c/clamav/libclamav5_0.94.dfsg.1-1~volatile1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
volatile.debian.org distribution maintenance software
pp.
Michael Tautschnig <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 12 Nov 2008 01:57:58 +0100
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base
clamav-freshclam clamav-testfiles libclamav5 clamav-daemon clamav-docs
Architecture: source amd64 all
Version: 0.94.dfsg.1-1~volatile1
Distribution: etch-volatile
Urgency: low
Maintainer: ClamAV Team <[EMAIL PROTECTED]>
Changed-By: Michael Tautschnig <[EMAIL PROTECTED]>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav5 - anti-virus utility for Unix - library
Closes: 486076 500007 500416 501298 501627 502165 505134
Changes:
 clamav (0.94.dfsg.1-1~volatile1) etch-volatile; urgency=low
 .
   [ Stephen Gran ]
   * New upstream version (closes: #505134, #502165, #501298)
   * Handle new option SubmitDetectionStats in freshclam.conf
   * Remove RAR from the description, since we really don't handle it anymore
   * Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086)
 .
   [ Michael Meskes ]
   * Changed watch file to account for dfsg extension.
   * Do not configure temporary directory in clamd.conf anymore unless it is
     already configured there.
   * Added Basque debconf translation (closes: #500007)
 .
   [ Michael Tautschnig ]
   * Use lsb's status_of_proc function to determine the status of the process
     and return with according exit codes (closes: #486076)
   * Updated Dutch debconf translation (thanks Paul Gevers <[EMAIL PROTECTED]>)
     (closes: #501627)
   * Changed versioned dependency of clamav-daemon to clamav-base to equals
     (closes: #500416)
   * Handle new option DetectionStatsCountry in freshclam.conf
   * Don't trust the multilib guessing stuff, always use libdir=$prefix/lib
   * Removed nowadays unused lintian overrides
   * Create md5sums control file for clamav-dbg as well (thanks, lintian)
   * Added myself as uploader.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkaOIUACgkQvx6dH3bVKsSD8ACffJ9MMO/nKwvAtr1hEujjn9Je
oN8An2lzzPch9oXsWryZmGckifsDOp/x
=tYuW
-----END PGP SIGNATURE-----
--- End Message ---