Your message dated Fri, 10 Apr 2009 16:20:18 +0000 (UTC)
with message-id <20090410162018.aaf03b...@verdi.debian.org>
and subject line Bug#523016: fixed in clamav 0.94.dfsg.2-1~volatile2
has caused the Debian Bug report #523016,
regarding clamav vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
523016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: clamav
severity: grave
tags: security
hi,
ubuntu recently patched a problem in clamav [1]. the description is:
It was discovered that ClamAV did not properly verify its input when
processing TAR archives. A remote attacker could send a specially
crafted TAR file and cause a denial of service via infinite loop.
It was discovered that ClamAV did not properly validate Portable
Executable (PE) files. A remote attacker could send a crafted PE file
and cause a denial of service (divide by zero).
i'm not sure if this is CVE-2009-1241 or if it a new issue.
[1] http://www.ubuntu.com/usn/usn-754-1
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.94.dfsg.2-1~volatile2
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:
clamav-base_0.94.dfsg.2-1~volatile2_all.deb
to pool/volatile/main/c/clamav/clamav-base_0.94.dfsg.2-1~volatile2_all.deb
clamav-daemon_0.94.dfsg.2-1~volatile2_amd64.deb
to pool/volatile/main/c/clamav/clamav-daemon_0.94.dfsg.2-1~volatile2_amd64.deb
clamav-dbg_0.94.dfsg.2-1~volatile2_amd64.deb
to pool/volatile/main/c/clamav/clamav-dbg_0.94.dfsg.2-1~volatile2_amd64.deb
clamav-docs_0.94.dfsg.2-1~volatile2_all.deb
to pool/volatile/main/c/clamav/clamav-docs_0.94.dfsg.2-1~volatile2_all.deb
clamav-freshclam_0.94.dfsg.2-1~volatile2_amd64.deb
to
pool/volatile/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1~volatile2_amd64.deb
clamav-milter_0.94.dfsg.2-1~volatile2_amd64.deb
to pool/volatile/main/c/clamav/clamav-milter_0.94.dfsg.2-1~volatile2_amd64.deb
clamav-testfiles_0.94.dfsg.2-1~volatile2_all.deb
to
pool/volatile/main/c/clamav/clamav-testfiles_0.94.dfsg.2-1~volatile2_all.deb
clamav_0.94.dfsg.2-1~volatile2.diff.gz
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.2-1~volatile2.diff.gz
clamav_0.94.dfsg.2-1~volatile2.dsc
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.2-1~volatile2.dsc
clamav_0.94.dfsg.2-1~volatile2_amd64.deb
to pool/volatile/main/c/clamav/clamav_0.94.dfsg.2-1~volatile2_amd64.deb
libclamav-dev_0.94.dfsg.2-1~volatile2_amd64.deb
to pool/volatile/main/c/clamav/libclamav-dev_0.94.dfsg.2-1~volatile2_amd64.deb
libclamav5_0.94.dfsg.2-1~volatile2_amd64.deb
to pool/volatile/main/c/clamav/libclamav5_0.94.dfsg.2-1~volatile2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 523...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
volatile.debian.org distribution maintenance software
pp.
Michael Tautschnig <m...@debian.org> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@volatile.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 09 Apr 2009 22:05:21 +0200
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base
clamav-freshclam clamav-testfiles libclamav5 clamav-daemon clamav-docs
Architecture: source amd64 all
Version: 0.94.dfsg.2-1~volatile2
Distribution: etch-volatile
Urgency: low
Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
Changed-By: Michael Tautschnig <m...@debian.org>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav5 - anti-virus utility for Unix - library
Closes: 522744 523016
Changes:
clamav (0.94.dfsg.2-1~volatile2) etch-volatile; urgency=low
.
[ Scott Kittermann ]
* Backported change from 0.95 of FLEVEL_DCONF to be able to re-enable
signatures when security issues have been fixed.
* Security issues addressed in this release (closes: #523016, 522744):
- [CVE-2008-6680] Fixed division by zero with --detect-broken.
- [CVE-2009-1270] clamd and clamscan get hung up.
Files:
1293a9f27fe5a6ae4178ef458ef7c95e 995 utils optional
clamav_0.94.dfsg.2-1~volatile2.dsc
4b9528da4cbc59597f052401058d97a5 156074 utils optional
clamav_0.94.dfsg.2-1~volatile2.diff.gz
765f3b3a4f227a02255d0de7de7ee655 19493774 utils optional
clamav-base_0.94.dfsg.2-1~volatile2_all.deb
97480bbe14601560b73829bd4ef25d0a 205536 utils optional
clamav-testfiles_0.94.dfsg.2-1~volatile2_all.deb
5fa0bde0006677aa9ec46be1d419d032 1077216 doc optional
clamav-docs_0.94.dfsg.2-1~volatile2_all.deb
d56c1efb1a0d178139b2777e7fc2b44a 523828 libs optional
libclamav5_0.94.dfsg.2-1~volatile2_amd64.deb
f1ab886de0551a8f4b2d5efb5a105092 232490 utils optional
clamav_0.94.dfsg.2-1~volatile2_amd64.deb
1fd04b791dd100da758a97ff8985c014 234876 utils optional
clamav-daemon_0.94.dfsg.2-1~volatile2_amd64.deb
fde842ce595a66073e8bcc7b1d8ccb0d 250374 utils optional
clamav-freshclam_0.94.dfsg.2-1~volatile2_amd64.deb
931ccdb3e1d717832d68f64bf86e4fa3 228090 utils extra
clamav-milter_0.94.dfsg.2-1~volatile2_amd64.deb
f1aaade7a09ab9fa719b696a898ff9f2 561302 libdevel optional
libclamav-dev_0.94.dfsg.2-1~volatile2_amd64.deb
03f59f029faa22ea7d0d939e39383d5b 845758 utils extra
clamav-dbg_0.94.dfsg.2-1~volatile2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJ32FWvx6dH3bVKsQRAoYUAJ9jekWHPpfT3biDGjwwD39yIkJUqQCgz2B0
u3ubJ0Mclhf+Palm6xBGmh0=
=8Ckd
-----END PGP SIGNATURE-----
--- End Message ---
