Your message dated Tue, 21 Apr 2009 22:27:44 +0000 (UTC)
with message-id <20090421222744.e4978b...@verdi.debian.org>
and subject line Bug#523016: fixed in clamav 0.95.1+dfsg-0volatile1
has caused the Debian Bug report #523016,
regarding clamav vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
523016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: clamav
severity: grave
tags: security
hi,
ubuntu recently patched a problem in clamav [1]. the description is:
It was discovered that ClamAV did not properly verify its input when
processing TAR archives. A remote attacker could send a specially
crafted TAR file and cause a denial of service via infinite loop.
It was discovered that ClamAV did not properly validate Portable
Executable (PE) files. A remote attacker could send a crafted PE file
and cause a denial of service (divide by zero).
i'm not sure if this is CVE-2009-1241 or if it is a new issue.
[1] http://www.ubuntu.com/usn/usn-754-1
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.95.1+dfsg-0volatile1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:
clamav-base_0.95.1+dfsg-0volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-base_0.95.1+dfsg-0volatile1_all.deb
clamav-daemon_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-daemon_0.95.1+dfsg-0volatile1_i386.deb
clamav-dbg_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-dbg_0.95.1+dfsg-0volatile1_i386.deb
clamav-docs_0.95.1+dfsg-0volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-docs_0.95.1+dfsg-0volatile1_all.deb
clamav-freshclam_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-freshclam_0.95.1+dfsg-0volatile1_i386.deb
clamav-milter_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav-milter_0.95.1+dfsg-0volatile1_i386.deb
clamav-testfiles_0.95.1+dfsg-0volatile1_all.deb
to pool/volatile/main/c/clamav/clamav-testfiles_0.95.1+dfsg-0volatile1_all.deb
clamav_0.95.1+dfsg-0volatile1.diff.gz
to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg-0volatile1.diff.gz
clamav_0.95.1+dfsg-0volatile1.dsc
to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg-0volatile1.dsc
clamav_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg-0volatile1_i386.deb
clamav_0.95.1+dfsg.orig.tar.gz
to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg.orig.tar.gz
libclamav-dev_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/libclamav-dev_0.95.1+dfsg-0volatile1_i386.deb
libclamav6_0.95.1+dfsg-0volatile1_i386.deb
to pool/volatile/main/c/clamav/libclamav6_0.95.1+dfsg-0volatile1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 523...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
volatile.debian.org distribution maintenance software
pp.
Stephen Gran <sg...@debian.org> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@volatile.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 21 Apr 2009 21:40:13 +0100
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base
clamav-freshclam clamav-testfiles clamav-daemon clamav-docs libclamav6
Architecture: source i386 all
Version: 0.95.1+dfsg-0volatile1
Distribution: etch-volatile
Urgency: high
Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
Changed-By: Stephen Gran <sg...@debian.org>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav6 - anti-virus utility for Unix - library
Closes: 523016
Changes:
clamav (0.95.1+dfsg-0volatile1) etch-volatile; urgency=high
.
* Prepare volatile upload
* Fixes DoS in tar unpacker (closes: #523016)
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJ7kD/SYIMHOpZA44RAq0eAKCWgZxB4n3VqI+JYNVFeY/znr3F/ACffFfC
Ecx2UrF0Zg/r1M7AxyJXv9U=
=HRmf
-----END PGP SIGNATURE-----
--- End Message ---