Package: clamav Severity: grave Tags: security Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were published for clamav. CVE-2008-5525[0]: | ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is | used, allows remote attackers to bypass detection of malware in an | HTML document by placing an MZ header (aka "EXE info") at the | beginning, and modifying the filename to have (1) no extension, (2) a | .txt extension, or (3) a .jpg extension, as demonstrated by a document | containing a CVE-2006-5745 exploit. Please coordinate with the security team (t...@security.debian.org) to prepare packages for the stable releases. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5525 http://security-tracker.debian.net/tracker/CVE-2008-5525 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
