Your message dated Wed, 17 Dec 2008 21:02:51 +0000
with message-id <e1ld3xf-0006ed...@ries.debian.org>
and subject line Bug#507624: fixed in clamav 0.90.1dfsg-4etch16
has caused the Debian Bug report #507624,
regarding clamav: recursive stack overflow in jpeg parsing code
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
507624: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507624
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav
Version: 0.90.1dfsg-4etch15 , 0.94.dfsg-1 , 0.94.dfsg.2-1
Severity: grave
Tags: security
Justification: user security hole
ubuntu recently issued a security notice for clamav [1] that fixes a
recursive stack overflow problem in the jpeg parsing code. there is no CVE
id at this point, and the problem is already fixed upstream in clamav
version 0.94.2. further details can be found in the ubuntu bug log [2].
they issued fixes insanely fast on this one (within twenty-seven hours of the
initial report) -- very commendable.
thanks for working to keep debian secure.
[1] http://www.ubuntu.com/usn/usn-684-1
[2] https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/304017
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.90.1dfsg-4etch16
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:
clamav-base_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-base_0.90.1dfsg-4etch16_all.deb
clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
clamav-docs_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
clamav-milter_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
clamav-testfiles_0.90.1dfsg-4etch16_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch16_all.deb
clamav_0.90.1dfsg-4etch16.diff.gz
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.diff.gz
clamav_0.90.1dfsg-4etch16.dsc
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
clamav_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/clamav_0.90.1dfsg-4etch16_amd64.deb
libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
libclamav2_0.90.1dfsg-4etch16_amd64.deb
  to pool/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 507...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stephen Gran <sg...@debian.org> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 03 Dec 2008 11:08:39 -0800
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base
 clamav-freshclam clamav-testfiles clamav-daemon libclamav2 clamav-docs
Architecture: source amd64 all
Version: 0.90.1dfsg-4etch16
Distribution: stable-security
Urgency: high
Maintainer: Stephen Gran <sg...@debian.org>
Changed-By: Stephen Gran <sg...@debian.org>
Description:
 clamav - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav2 - virus scanner library
Closes: 505134 507624
Changes:
 clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
 .
   * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
     (Closes: #505134)
   * [CVE-2008-5314]: libclamav/special.c: respect recursion limits in
     cli_check_jpeg_exploit() (Closes: #507624)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkk23UYACgkQvx6dH3bVKsTRRACgsWpbojk4+KJ9RFG/bM955F4A
5mkAni4qjTCXzElXZTnyyivsKkf+rm8B
=HHZI
-----END PGP SIGNATURE-----
--- End Message ---