Bug#523016: marked as done (clamav vulnerability)

Debian Bug Tracking System Tue, 21 Apr 2009 13:19:07 -0700

Your message dated Tue, 21 Apr 2009 19:53:50 +0000
with message-id <e1lwm2q-0004qa...@ries.debian.org>
and subject line Bug#523016: fixed in clamav 0.94.dfsg.2-1lenny2
has caused the Debian Bug report #523016,
regarding clamav vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
523016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

package: clamav
severity: grave
tags: security

hi,

ubuntu recently patched a problem in clamav [1].  the description is:

  It was discovered that ClamAV did not properly verify its input when
  processing TAR archives. A remote attacker could send a specially
  crafted TAR file and cause a denial of service via infinite loop.

  It was discovered that ClamAV did not properly validate Portable
  Executable (PE) files. A remote attacker could send a crafted PE file
  and cause a denial of service (divide by zero).

i'm not sure if this is CVE-2009-1241 or if it a new issue.

[1] http://www.ubuntu.com/usn/usn-754-1

--- End Message ---

--- Begin Message ---

Source: clamav
Source-Version: 0.94.dfsg.2-1lenny2

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.94.dfsg.2-1lenny2_all.deb
  to pool/main/c/clamav/clamav-base_0.94.dfsg.2-1lenny2_all.deb
clamav-daemon_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_amd64.deb
clamav-dbg_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_amd64.deb
clamav-docs_0.94.dfsg.2-1lenny2_all.deb
  to pool/main/c/clamav/clamav-docs_0.94.dfsg.2-1lenny2_all.deb
clamav-freshclam_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_amd64.deb
clamav-milter_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_amd64.deb
clamav-testfiles_0.94.dfsg.2-1lenny2_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.94.dfsg.2-1lenny2_all.deb
clamav_0.94.dfsg.2-1lenny2.diff.gz
  to pool/main/c/clamav/clamav_0.94.dfsg.2-1lenny2.diff.gz
clamav_0.94.dfsg.2-1lenny2.dsc
  to pool/main/c/clamav/clamav_0.94.dfsg.2-1lenny2.dsc
clamav_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_amd64.deb
libclamav-dev_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_amd64.deb
libclamav5_0.94.dfsg.2-1lenny2_amd64.deb
  to pool/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 523...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tautschnig <m...@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Apr 2009 16:53:46 +0200
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav5 
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.94.dfsg.2-1lenny2
Distribution: stable-security
Urgency: low
Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
Changed-By: Michael Tautschnig <m...@debian.org>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav5 - anti-virus utility for Unix - library
Closes: 522744 523016
Changes: 
 clamav (0.94.dfsg.2-1lenny2) stable-security; urgency=low
 .
   [ Scott Kittermann ]
   * Backported change from 0.95 of FLEVEL_DCONF to be able to re-enable
     signatures when security issues have been fixed.
   * Security issues addressed in this release (closes: #523016, 522744):
     - [CVE-2008-6680] Fixed division by zero with --detect-broken.
     - [CVE-2009-1270] clamd and clamscan get hung up.
 .
   [ Michael Tautschnig ]
   * Backported hardening of CLI_ISCONTAINED macros (fixes UPack crash with
     malformed file, #1552)
Checksums-Sha1: 
 fc6b8dcd20d1f90a79449a6426acac0d752e13ca 1411 clamav_0.94.dfsg.2-1lenny2.dsc
 73a8968a1925efea50260c75f1a1b7807af8ac9d 22073819 
clamav_0.94.dfsg.2.orig.tar.gz
 e3bead31261af5b3136d89c3628eb775bf6a7445 159237 
clamav_0.94.dfsg.2-1lenny2.diff.gz
 8a0972042905e1b990c664a6533f8a3639760103 19495586 
clamav-base_0.94.dfsg.2-1lenny2_all.deb
 47166eb70ad101cedd6708a2a953e4a616eec6dd 207358 
clamav-testfiles_0.94.dfsg.2-1lenny2_all.deb
 e9cd1ac872caed7be353a5420be255db313ea0d8 1079046 
clamav-docs_0.94.dfsg.2-1lenny2_all.deb
 ff7d159c84620355febc3ec29532bcc66cf10b29 537718 
libclamav5_0.94.dfsg.2-1lenny2_amd64.deb
 90a04fe682c9158eaa568e00f7c52ff66577435f 234846 
clamav_0.94.dfsg.2-1lenny2_amd64.deb
 4f068481cf8ce790a0ff1cb80827fe8575a830fd 237738 
clamav-daemon_0.94.dfsg.2-1lenny2_amd64.deb
 b06737af1e17fb02b8f42f93fbf82c1ce747beb2 252658 
clamav-freshclam_0.94.dfsg.2-1lenny2_amd64.deb
 eb5d966256f13e4f9a2a9add8060c176df2e0509 231494 
clamav-milter_0.94.dfsg.2-1lenny2_amd64.deb
 ad0e7722e8758fdb26e606a6a2fa19465b895dc0 571656 
libclamav-dev_0.94.dfsg.2-1lenny2_amd64.deb
 6ecc0f9a26b407b2980e3d5d2f0197469236b307 865116 
clamav-dbg_0.94.dfsg.2-1lenny2_amd64.deb
Checksums-Sha256: 
 e11254e010391ec0539087e4fc31492d1ca9ad0981a4d9cbbfb50df7758026d5 1411 
clamav_0.94.dfsg.2-1lenny2.dsc
 421aedf91ade791a5609d1127399a153aa856712e33c2ae59f7b88e2605c05ed 22073819 
clamav_0.94.dfsg.2.orig.tar.gz
 950519b5aa2fb5e7c310645dfec0361ec0850b4e29b122797a8893baea35eaa2 159237 
clamav_0.94.dfsg.2-1lenny2.diff.gz
 7d49639d8abf114d42e5acf73e73ac5718a8cadade52470374fb7d16eeb41841 19495586 
clamav-base_0.94.dfsg.2-1lenny2_all.deb
 ac0e033f9bad41eecffbd03e9ec0217bc7cb26d1ddb6b1c2f071be6afeffbccd 207358 
clamav-testfiles_0.94.dfsg.2-1lenny2_all.deb
 1d6dc78a08692689aa86aa28ee70c5bc1b2814574127c6c15e13666c80bed558 1079046 
clamav-docs_0.94.dfsg.2-1lenny2_all.deb
 e538d25855d19d4e450272d2267e2ccb60dab4c0f17b3c6c3bc8ad634e17ec4a 537718 
libclamav5_0.94.dfsg.2-1lenny2_amd64.deb
 0e92a454d3e221c3138eefd68b2e4e1d85c0cbcc0bbfca24b2184c5c0f7dd6a4 234846 
clamav_0.94.dfsg.2-1lenny2_amd64.deb
 cf143e24556d134e66047815aa5b5bb1996fba2eb6ab530327023cdd86a3be4f 237738 
clamav-daemon_0.94.dfsg.2-1lenny2_amd64.deb
 7a64910633060212d72dbf6a6e6a5c4624ef190185afb38b5caa795a618735ef 252658 
clamav-freshclam_0.94.dfsg.2-1lenny2_amd64.deb
 d8c12a92e43dce90ca9c7a80715f062e3dfc021264197707412218c7734f37b2 231494 
clamav-milter_0.94.dfsg.2-1lenny2_amd64.deb
 884b5954705b61b55d77df0a3ecfd9f26ee8b55c6fbcf8c87a3f2e17a36ec869 571656 
libclamav-dev_0.94.dfsg.2-1lenny2_amd64.deb
 68c3c8ea4220d6fa8efbeb6452a457fa195c29cd92af7b80161615edc0473c39 865116 
clamav-dbg_0.94.dfsg.2-1lenny2_amd64.deb
Files: 
 5217b56ac23f06ca65ef3ea5aeb24841 1411 utils optional 
clamav_0.94.dfsg.2-1lenny2.dsc
 7b45b0c54b887b23cb49e4bff807cf58 22073819 utils optional 
clamav_0.94.dfsg.2.orig.tar.gz
 d31334a956f54c30cb95c99273c6de7e 159237 utils optional 
clamav_0.94.dfsg.2-1lenny2.diff.gz
 0fffde16847013d6adce47a0457f455f 19495586 utils optional 
clamav-base_0.94.dfsg.2-1lenny2_all.deb
 4cfa028b1b7f9408e300a22ec807c6e7 207358 utils optional 
clamav-testfiles_0.94.dfsg.2-1lenny2_all.deb
 649f899e8d50b7c00a5d463038a158b7 1079046 doc optional 
clamav-docs_0.94.dfsg.2-1lenny2_all.deb
 e2d98d5abaa6dc69c7f04a2fba6b85aa 537718 libs optional 
libclamav5_0.94.dfsg.2-1lenny2_amd64.deb
 c4e05de999689f8ee619bf64e6e8802b 234846 utils optional 
clamav_0.94.dfsg.2-1lenny2_amd64.deb
 8d44aa0a9a253c0be06b404853e777cd 237738 utils optional 
clamav-daemon_0.94.dfsg.2-1lenny2_amd64.deb
 51e70fea9d6da3ef8ff426ea74597604 252658 utils optional 
clamav-freshclam_0.94.dfsg.2-1lenny2_amd64.deb
 b975f22836d8de10d74f304ae6c614a4 231494 utils extra 
clamav-milter_0.94.dfsg.2-1lenny2_amd64.deb
 9c2734c96a92f5aad81d1ed74c0b41a9 571656 libdevel optional 
libclamav-dev_0.94.dfsg.2-1lenny2_amd64.deb
 4b8762dca5e0ef54edc4edf1b09c6c5e 865116 utils extra 
clamav-dbg_0.94.dfsg.2-1lenny2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknk6QsACgkQvx6dH3bVKsSJ4QCgoTg4A5iQCKNp/oRGdgiiGYyH
Q7IAn04iuNfl3+8nXDmyBGG5EzQ79AR8
=BsnP
-----END PGP SIGNATURE-----

--- End Message ---

Bug#523016: marked as done (clamav vulnerability)

Reply via email to