Your message dated Wed, 12 Nov 2008 02:02:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505134: fixed in clamav 0.94.dfsg.1-1
has caused the Debian Bug report #505134,
regarding clamav: ClamAV get_unicode_name() off-by-one buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
505134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505134
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: clamav
Version: 0.90.1-1
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been reported for clamav. There does not seem to be a CVE id
yet. From http://seclists.org/bugtraq/2008/Nov/0070.html:
ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.
Vulnerable packages:
All versions up to 0.94 are vulnerable.
Version 0.94.1 fixes the problem.
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.94.dfsg.1-1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:
clamav-base_0.94.dfsg.1-1_all.deb
to pool/main/c/clamav/clamav-base_0.94.dfsg.1-1_all.deb
clamav-daemon_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/clamav-daemon_0.94.dfsg.1-1_i386.deb
clamav-dbg_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/clamav-dbg_0.94.dfsg.1-1_i386.deb
clamav-docs_0.94.dfsg.1-1_all.deb
to pool/main/c/clamav/clamav-docs_0.94.dfsg.1-1_all.deb
clamav-freshclam_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/clamav-freshclam_0.94.dfsg.1-1_i386.deb
clamav-milter_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/clamav-milter_0.94.dfsg.1-1_i386.deb
clamav-testfiles_0.94.dfsg.1-1_all.deb
to pool/main/c/clamav/clamav-testfiles_0.94.dfsg.1-1_all.deb
clamav_0.94.dfsg.1-1.diff.gz
to pool/main/c/clamav/clamav_0.94.dfsg.1-1.diff.gz
clamav_0.94.dfsg.1-1.dsc
to pool/main/c/clamav/clamav_0.94.dfsg.1-1.dsc
clamav_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/clamav_0.94.dfsg.1-1_i386.deb
clamav_0.94.dfsg.1.orig.tar.gz
to pool/main/c/clamav/clamav_0.94.dfsg.1.orig.tar.gz
libclamav-dev_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/libclamav-dev_0.94.dfsg.1-1_i386.deb
libclamav5_0.94.dfsg.1-1_i386.deb
to pool/main/c/clamav/libclamav5_0.94.dfsg.1-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tautschnig <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 12 Nov 2008 01:57:58 +0100
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav5
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all i386
Version: 0.94.dfsg.1-1
Distribution: unstable
Urgency: low
Maintainer: ClamAV Team <[EMAIL PROTECTED]>
Changed-By: Michael Tautschnig <[EMAIL PROTECTED]>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav5 - anti-virus utility for Unix - library
Closes: 486076 500007 500416 501298 501627 502165 505134
Changes:
clamav (0.94.dfsg.1-1) unstable; urgency=low
.
[ Stephen Gran ]
* New upstream version (closes: #505134, #502165, #501298)
* Handle new option SubmitDetectionStats in freshclam.conf
* Remove RAR from the description, since we really don't handle it anymore
* Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086)
.
[ Michael Meskes ]
* Added myself as uploader.
* Changed watch file to account for dfsg extension.
* Do not configure temporary directory in clamd.conf anymore unless it is
already configured there.
* Added Basque debconf translation (closes: #500007)
.
[ Michael Tautschnig ]
* Use lsb's status_of_proc function to determine the status of the process
and return with according exit codes (closes: #486076)
* Updated Dutch debconf translation (thanks Paul Gevers <[EMAIL PROTECTED]>)
(closes: #501627)
* Changed versioned dependency of clamav-daemon to clamav-base to equals
(closes: #500416)
* Handle new option DetectionStatsCountry in freshclam.conf
* Don't trust the multilib guessing stuff, always use libdir=$prefix/lib
* Removed nowadays unused lintian overrides
* Create md5sums control file for clamav-dbg as well (thanks, lintian)
Checksums-Sha1:
93da1eb62ce8fcd434a2b9a11f550a4f98cdb476 1387 clamav_0.94.dfsg.1-1.dsc
213e5aa589bb85725764f3899ebea2d5006399aa 21796733
clamav_0.94.dfsg.1.orig.tar.gz
4b884da631cad7f64acd9808f738276648564a68 159025 clamav_0.94.dfsg.1-1.diff.gz
4624e8aac4fd8486302a08e9d0477e2fb9599934 19209594
clamav-base_0.94.dfsg.1-1_all.deb
36b43ca3f6e3341374db580d29cefedeea8d85a1 205380
clamav-testfiles_0.94.dfsg.1-1_all.deb
5c72e7b2e2c4a9a72d2d96dd8267b480dd729579 1075072
clamav-docs_0.94.dfsg.1-1_all.deb
7b9148001050858a94b00d62595254ac7492828f 518824
libclamav5_0.94.dfsg.1-1_i386.deb
29f1c3f51b5fd711d578276fb5517be0d807e198 229864 clamav_0.94.dfsg.1-1_i386.deb
1137ef73fb058839e193704b81a0dbb6288f1ae7 227416
clamav-daemon_0.94.dfsg.1-1_i386.deb
0d84d68007aedbaaa297f4495b1681de7544cd11 248876
clamav-freshclam_0.94.dfsg.1-1_i386.deb
0c4698dab0e6170c7e1006d4224f58bb5bd68a2b 227326
clamav-milter_0.94.dfsg.1-1_i386.deb
9b063664e20961b081bc7774838d1aca41bb8801 536276
libclamav-dev_0.94.dfsg.1-1_i386.deb
a10bda2ef571450b4763bb0e523a7037a2a92a3c 804066
clamav-dbg_0.94.dfsg.1-1_i386.deb
Checksums-Sha256:
9b2e3f5d13e71c617d96fa228019934022dd4a951d037d25838b16a0f706cfba 1387
clamav_0.94.dfsg.1-1.dsc
133186417ea9d2cfa6c0221d72b083dd0370e5b94dbbf7ed2c3a664d1a0f3752 21796733
clamav_0.94.dfsg.1.orig.tar.gz
26f4c0dfb06387ef1082d0abb6441ca1825d83dac4b95ca32478b1025c412503 159025
clamav_0.94.dfsg.1-1.diff.gz
b3cfeffc372ad5e3209caf81f919b506fbea22eeba8864e2027e2f7ec2244d14 19209594
clamav-base_0.94.dfsg.1-1_all.deb
3ff649a0d7af53fdfbf6d90352c13380e77295ddc3c340f23096d866d1b0a737 205380
clamav-testfiles_0.94.dfsg.1-1_all.deb
bf191718da1ba5b50c75e0775c31c1d308df46f5bf44e85299765950e62c394b 1075072
clamav-docs_0.94.dfsg.1-1_all.deb
4669d8ffd67cfd78849da206c36049d5fd757e58be8fc176eaf9cd526886fcf3 518824
libclamav5_0.94.dfsg.1-1_i386.deb
d02d12cfd5c2208e32294e53b53e494e69c6fbfb337cb25b054e40ab3e0e2fa1 229864
clamav_0.94.dfsg.1-1_i386.deb
7862106b4760745712b37ba116a10380420c2b65a8e11288e9975709b248e9ea 227416
clamav-daemon_0.94.dfsg.1-1_i386.deb
874aee2d5e2c1768a02672ee7802602a7481bdbd8701de1b991c7533bc0744a8 248876
clamav-freshclam_0.94.dfsg.1-1_i386.deb
ae7e91fd707b9a3ccc4f5b5f422eca20964a7f9b38651945167c80720bb77935 227326
clamav-milter_0.94.dfsg.1-1_i386.deb
ff40263b509f7581abf7e7a457a8e6d983137b1401c0a6ad16fc3c1a67b76e15 536276
libclamav-dev_0.94.dfsg.1-1_i386.deb
00c3a2537820ffbc6a5c865712c32d71625783111a5c18754208e3379bcdcc52 804066
clamav-dbg_0.94.dfsg.1-1_i386.deb
Files:
eea85e1b567764495e07bf4dcda60381 1387 utils optional clamav_0.94.dfsg.1-1.dsc
8637ed043ce1408486dbe31a5344cfcf 21796733 utils optional
clamav_0.94.dfsg.1.orig.tar.gz
f23c91cbd988920e37d05807fcef8372 159025 utils optional
clamav_0.94.dfsg.1-1.diff.gz
ed7d66ae2263838001592f907ee60af1 19209594 utils optional
clamav-base_0.94.dfsg.1-1_all.deb
e9742644fdfe6d07bf0d9e97d82788c4 205380 utils optional
clamav-testfiles_0.94.dfsg.1-1_all.deb
7683397be27fbad981f11f5cd87c0590 1075072 doc optional
clamav-docs_0.94.dfsg.1-1_all.deb
392d1592801b2a6bbe6265333998d144 518824 libs optional
libclamav5_0.94.dfsg.1-1_i386.deb
b17741a00b0fd771c9560566f30e77e3 229864 utils optional
clamav_0.94.dfsg.1-1_i386.deb
0d9fcafc306b577e2071c0a430027381 227416 utils optional
clamav-daemon_0.94.dfsg.1-1_i386.deb
76f63c7c89cf2bba9995cdc700d6a224 248876 utils optional
clamav-freshclam_0.94.dfsg.1-1_i386.deb
077bf8e1b08f47ec3411a7fa494e5b8d 227326 utils extra
clamav-milter_0.94.dfsg.1-1_i386.deb
5d6f639006b8595ac953fd0f1293c3ed 536276 libdevel optional
libclamav-dev_0.94.dfsg.1-1_i386.deb
bf4f8346b1bcb6b31376910234ea87a5 804066 utils extra
clamav-dbg_0.94.dfsg.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkaNeAACgkQvx6dH3bVKsQbqgCglQg7+UX+HU9eIHZpS/GJprK+
m9EAoKxDcfwvulXPw6D9jTS7ordKgVBf
=IBP8
-----END PGP SIGNATURE-----
--- End Message ---
