Your message dated Thu, 28 Jul 2005 01:17:30 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#320014: fixed in clamav 0.86.2-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jul 2005 11:59:59 +0000
>From [EMAIL PROTECTED] Tue Jul 26 04:59:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail-out1.bk.kundencontroller.de [82.119.163.3]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1DxO6J-0003cn-00; Tue, 26 Jul 2005 04:59:59 -0700
Received: from david (p54B2E67F.dip.t-dialin.net [84.178.230.127])
by mail-out1.bk.kundencontroller.de (Postfix) with ESMTP id CAF3923807
for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 13:59:58 +0200 (CEST)
Received: from localhost ([127.0.0.1] helo=raudies.homeip.net)
by david with esmtp id 1DxOq2-0004s9-No
for [EMAIL PROTECTED]; Tue, 26 Jul 2005 14:47:26 +0200
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 26 Jul 2005 14:47:14 +0200 (CEST)
Subject: ClamAV library heap overflows
From: "Oliver Paulus" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-15
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Score: -3.6 (---)
Content-Transfer-Encoding: quoted-printable
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.8 required=4.0 tests=BAYES_00,HAS_PACKAGE,
PRIORITY_NO_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: clamav
Version: 0.86.1-2
Severity: critical
clamav <=3D 0.86.1 has several heap overflows. "At least 4 of its file fo=
rmat
processors contain remote security bugs. Specifically, during the
processing of TNEF, CHM and FSG formats an attacker is able to trigger
several integer overflows that allow attackers to overwrite heap data to
obtain complete control of the system."
Original security advisory: http://www.rem0te.com/public/images/clamav.pd=
f
ClamAV 0.86.2 release notes:
http://sourceforge.net/project/shownotes.php?release_id=3D344514
Oliver Paulus
---------------------------------------
Received: (at 320014-close) by bugs.debian.org; 28 Jul 2005 08:25:07 +0000
>From [EMAIL PROTECTED] Thu Jul 28 01:25:06 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1Dy3a6-0005xV-00; Thu, 28 Jul 2005 01:17:30 -0700
From: Stephen Gran <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#320014: fixed in clamav 0.86.2-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 28 Jul 2005 01:17:30 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: clamav
Source-Version: 0.86.2-1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:
clamav-base_0.86.2-1_all.deb
to pool/main/c/clamav/clamav-base_0.86.2-1_all.deb
clamav-daemon_0.86.2-1_i386.deb
to pool/main/c/clamav/clamav-daemon_0.86.2-1_i386.deb
clamav-docs_0.86.2-1_all.deb
to pool/main/c/clamav/clamav-docs_0.86.2-1_all.deb
clamav-freshclam_0.86.2-1_i386.deb
to pool/main/c/clamav/clamav-freshclam_0.86.2-1_i386.deb
clamav-milter_0.86.2-1_i386.deb
to pool/main/c/clamav/clamav-milter_0.86.2-1_i386.deb
clamav-testfiles_0.86.2-1_all.deb
to pool/main/c/clamav/clamav-testfiles_0.86.2-1_all.deb
clamav_0.86.2-1.diff.gz
to pool/main/c/clamav/clamav_0.86.2-1.diff.gz
clamav_0.86.2-1.dsc
to pool/main/c/clamav/clamav_0.86.2-1.dsc
clamav_0.86.2-1_i386.deb
to pool/main/c/clamav/clamav_0.86.2-1_i386.deb
clamav_0.86.2.orig.tar.gz
to pool/main/c/clamav/clamav_0.86.2.orig.tar.gz
libclamav-dev_0.86.2-1_i386.deb
to pool/main/c/clamav/libclamav-dev_0.86.2-1_i386.deb
libclamav1_0.86.2-1_i386.deb
to pool/main/c/clamav/libclamav1_0.86.2-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stephen Gran <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 26 Jul 2005 08:57:49 -0400
Source: clamav
Binary: clamav libclamav-dev clamav-milter clamav-base clamav-freshclam
clamav-testfiles clamav-daemon libclamav1 clamav-docs
Architecture: source all i386
Version: 0.86.2-1
Distribution: unstable
Urgency: high
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Stephen Gran <[EMAIL PROTECTED]>
Description:
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
clamav-milter - antivirus scanner for sendmail
clamav-testfiles - use these files to test that your Antivirus program works
libclamav-dev - clam Antivirus library development files
libclamav1 - virus scanner library
Closes: 317853 319898 320014
Changes:
clamav (0.86.2-1) unstable; urgency=high
.
* New upstream version (closes: #319898, #320014)
* This upload will build against new libgmp3 (closes: #317853)
* This version fixes several security bugs, will put CANs in a later
changelog for reference
Files:
95755d9e5ca21939a31d0839a788d473 862 utils optional clamav_0.86.2-1.dsc
870de14ba123d6e9cba9850498c49f5d 4094829 utils optional
clamav_0.86.2.orig.tar.gz
83947ee18fbec35703192050da087963 187323 utils optional clamav_0.86.2-1.diff.gz
d7f2076effed3f4d6dbf04f5e866e893 164842 utils optional
clamav-base_0.86.2-1_all.deb
6d4d8c3f58ba208c28ff5f046a57fc82 126042 utils optional
clamav-testfiles_0.86.2-1_all.deb
5c379ca7e075b23e84e95a40959d4ab3 697310 utils optional
clamav-docs_0.86.2-1_all.deb
dce8495b25ea3fbe3c29abfda2e8582b 256466 libs optional
libclamav1_0.86.2-1_i386.deb
81b4a6ddbaddbf933a8e2fb3c5d380dd 65596 utils optional clamav_0.86.2-1_i386.deb
909b80343c5e89fd66cc935525af0d3f 38534 utils optional
clamav-daemon_0.86.2-1_i386.deb
797e1f21665a623d797a9e6a47d62d4c 2494814 utils optional
clamav-freshclam_0.86.2-1_i386.deb
261d4c532e780b19bed4e25327b3da48 37818 utils extra
clamav-milter_0.86.2-1_i386.deb
6b5f3aa6153eb68a6ae2583ad1715716 158688 libdevel optional
libclamav-dev_0.86.2-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC5jY4SYIMHOpZA44RAmA5AKDOcoi7xCuGcPzFCk8SK4FoUjwYJwCg0sDR
lyqY1A8QRMH8YViJGYLdCQI=
=KhBW
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
