Bug#523016: marked as done (clamav vulnerability)

Debian Bug Tracking System Tue, 21 Apr 2009 15:59:09 -0700

Your message dated Tue, 21 Apr 2009 22:52:28 +0000 (UTC)
with message-id <20090421225228.5d4c1b...@verdi.debian.org>
and subject line Bug#523016: fixed in clamav 0.95.1+dfsg-1volatile1
has caused the Debian Bug report #523016,
regarding clamav vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
523016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

package: clamav
severity: grave
tags: security

hi,

ubuntu recently patched a problem in clamav [1].  the description is:

  It was discovered that ClamAV did not properly verify its input when
  processing TAR archives. A remote attacker could send a specially
  crafted TAR file and cause a denial of service via infinite loop.

  It was discovered that ClamAV did not properly validate Portable
  Executable (PE) files. A remote attacker could send a crafted PE file
  and cause a denial of service (divide by zero).

i'm not sure if this is CVE-2009-1241 or if it a new issue.

[1] http://www.ubuntu.com/usn/usn-754-1

--- End Message ---

--- Begin Message ---

Source: clamav
Source-Version: 0.95.1+dfsg-1volatile1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:

clamav-base_0.95.1+dfsg-1volatile1_all.deb
  to pool/volatile/main/c/clamav/clamav-base_0.95.1+dfsg-1volatile1_all.deb
clamav-daemon_0.95.1+dfsg-1volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-daemon_0.95.1+dfsg-1volatile1_amd64.deb
clamav-dbg_0.95.1+dfsg-1volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-dbg_0.95.1+dfsg-1volatile1_amd64.deb
clamav-docs_0.95.1+dfsg-1volatile1_all.deb
  to pool/volatile/main/c/clamav/clamav-docs_0.95.1+dfsg-1volatile1_all.deb
clamav-freshclam_0.95.1+dfsg-1volatile1_amd64.deb
  to 
pool/volatile/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1volatile1_amd64.deb
clamav-milter_0.95.1+dfsg-1volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav-milter_0.95.1+dfsg-1volatile1_amd64.deb
clamav-testfiles_0.95.1+dfsg-1volatile1_all.deb
  to pool/volatile/main/c/clamav/clamav-testfiles_0.95.1+dfsg-1volatile1_all.deb
clamav_0.95.1+dfsg-1volatile1.diff.gz
  to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg-1volatile1.diff.gz
clamav_0.95.1+dfsg-1volatile1.dsc
  to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg-1volatile1.dsc
clamav_0.95.1+dfsg-1volatile1_amd64.deb
  to pool/volatile/main/c/clamav/clamav_0.95.1+dfsg-1volatile1_amd64.deb
libclamav-dev_0.95.1+dfsg-1volatile1_amd64.deb
  to pool/volatile/main/c/clamav/libclamav-dev_0.95.1+dfsg-1volatile1_amd64.deb
libclamav6_0.95.1+dfsg-1volatile1_amd64.deb
  to pool/volatile/main/c/clamav/libclamav6_0.95.1+dfsg-1volatile1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 523...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

volatile.debian.org distribution maintenance software
pp.
Stephen Gran <sg...@debian.org> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@volatile.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 21 Apr 2009 21:40:13 +0100
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.95.1+dfsg-1volatile1
Distribution: lenny-volatile
Urgency: high
Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
Changed-By: Stephen Gran <sg...@debian.org>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Closes: 523016
Changes: 
 clamav (0.95.1+dfsg-1volatile1) lenny-volatile; urgency=high
 .
   * Prepare volatile upload
   * Fixes DoS in tar unpacker (closes: #523016)
Checksums-Sha1: 
 c93d5d315bc6d9663abcecf0dcd44c8d1c27c2ec 1458 clamav_0.95.1+dfsg-1volatile1.dsc
 5b08fad75a8d4a6afeb71a2d4ef09635e3374ba0 236443 
clamav_0.95.1+dfsg-1volatile1.diff.gz
 9ce2cd3544fa3aaf41689161b0ec843b4d23713f 21398644 
clamav-base_0.95.1+dfsg-1volatile1_all.deb
 1146fb08f3bf2791b8d40b7bd9290a3a27e93007 223880 
clamav-testfiles_0.95.1+dfsg-1volatile1_all.deb
 1121935a57b985d814f8c4325888b16810850e25 1113636 
clamav-docs_0.95.1+dfsg-1volatile1_all.deb
 63d06edf73639340d9f27f28c6b7a8da5e4c979b 575684 
libclamav6_0.95.1+dfsg-1volatile1_amd64.deb
 f9bf90be5b40e53944b1f6b947cc4463ebc5f7f9 270754 
clamav_0.95.1+dfsg-1volatile1_amd64.deb
 65bfb5f532b66bb257205fdbf0945053bb21b82d 390626 
clamav-daemon_0.95.1+dfsg-1volatile1_amd64.deb
 7ae657cd09f7098dc050c34b93b4f021a11f4472 278140 
clamav-freshclam_0.95.1+dfsg-1volatile1_amd64.deb
 faa4db34800dc1a58b84094c8abf395668d70f44 262810 
clamav-milter_0.95.1+dfsg-1volatile1_amd64.deb
 afed429d5a1bf69a61e3c220ba565d05dbe7f21a 616402 
libclamav-dev_0.95.1+dfsg-1volatile1_amd64.deb
 9ee2ab3baa6442948870642d5fb4cb7c7957c521 1147536 
clamav-dbg_0.95.1+dfsg-1volatile1_amd64.deb
Checksums-Sha256: 
 7359db27693e3ae3e9b55f7979bed8c7d29919471a24f134a7bbf824647a36d2 1458 
clamav_0.95.1+dfsg-1volatile1.dsc
 401cb26febd64e3c17d6838cd1fa788a5872bf62ea66d46c5cc926cdd69a3d73 236443 
clamav_0.95.1+dfsg-1volatile1.diff.gz
 0bcae9ba9531afb1c439bd1f1c31f8d0a8f0a3ad442f9d5741c4ae4c0dbd3d18 21398644 
clamav-base_0.95.1+dfsg-1volatile1_all.deb
 bc5abd44d2debe6d4858b359e8be1c8e238641fac8b8f302715dc25ba9b459aa 223880 
clamav-testfiles_0.95.1+dfsg-1volatile1_all.deb
 cdc845d3a97a2d2eac1d1d88eead7b1dcbe82fcd1e328ba07233db39b9312e79 1113636 
clamav-docs_0.95.1+dfsg-1volatile1_all.deb
 9330fffbdad7ac20aadcf8a4a7f35a5d34efba2e9cd50a39e493c1e2459aa7da 575684 
libclamav6_0.95.1+dfsg-1volatile1_amd64.deb
 cd903ecdeefd85076650eae17e1bfb8e6dfb3b0ce242f80a946e241453a835c2 270754 
clamav_0.95.1+dfsg-1volatile1_amd64.deb
 9675fb6e318a9a0e1cb06c4ba1a5db749a9ea723bd944f34b1d248e3916bd890 390626 
clamav-daemon_0.95.1+dfsg-1volatile1_amd64.deb
 3d7d0af1013fbd058c58c23e0795fbc419875378e6743171d3cd147b574dd47d 278140 
clamav-freshclam_0.95.1+dfsg-1volatile1_amd64.deb
 16ad9ea880598205c6effe4c3bc590e4e0fbb5ce438fba7b73cbd5c3d60d953b 262810 
clamav-milter_0.95.1+dfsg-1volatile1_amd64.deb
 c7671a51bfcc9e2b6d7bf5b043f5214f3115edbb1037d86f99cd2a58e32388c3 616402 
libclamav-dev_0.95.1+dfsg-1volatile1_amd64.deb
 dfd67dd613ca7725c6988376ceaf9270728056eab7a5ca88f0af2736f05c61bb 1147536 
clamav-dbg_0.95.1+dfsg-1volatile1_amd64.deb
Files: 
 44a8f22486596bd12d19c36325a59531 1458 utils optional 
clamav_0.95.1+dfsg-1volatile1.dsc
 40f4aeb378545a98a428aa462cfb862b 236443 utils optional 
clamav_0.95.1+dfsg-1volatile1.diff.gz
 ff204e01a2a8fe2883d1abd4f65c569c 21398644 utils optional 
clamav-base_0.95.1+dfsg-1volatile1_all.deb
 bb50043c7fd7cf3cf2f98ec1bcb47f92 223880 utils optional 
clamav-testfiles_0.95.1+dfsg-1volatile1_all.deb
 3b5610282e5c93d6e2dacdee0d4d4b94 1113636 doc optional 
clamav-docs_0.95.1+dfsg-1volatile1_all.deb
 81d62665d47d94c2cf42f5d5ac7ebf42 575684 libs optional 
libclamav6_0.95.1+dfsg-1volatile1_amd64.deb
 1e9186b86ddfebeb6ac8be9abb28f7f6 270754 utils optional 
clamav_0.95.1+dfsg-1volatile1_amd64.deb
 1b1cc0c1ae4df224ceff369bd0cac29e 390626 utils optional 
clamav-daemon_0.95.1+dfsg-1volatile1_amd64.deb
 c6aa369720922c3a2b762f528668411c 278140 utils optional 
clamav-freshclam_0.95.1+dfsg-1volatile1_amd64.deb
 49d153d876f015c2f8389466a6b492e0 262810 utils extra 
clamav-milter_0.95.1+dfsg-1volatile1_amd64.deb
 541f199214c7b198caac95e2183a840c 616402 libdevel optional 
libclamav-dev_0.95.1+dfsg-1volatile1_amd64.deb
 531b9eb5d786224bc45d0eeea0d5a6a8 1147536 debug extra 
clamav-dbg_0.95.1+dfsg-1volatile1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknuScsACgkQSYIMHOpZA47+TgCfVnFQ84DuLZpVEAnGcBXTVlrN
mssAoMdX6BP7cY2xlgRoWUrw9rVKEpYD
=sn4m
-----END PGP SIGNATURE-----

--- End Message ---

Bug#523016: marked as done (clamav vulnerability)

Reply via email to