This one time, at band camp, Ralf Schlatterbeck said:
> Comparing the exploitable code from
> http://www.overflow.pl/adv/clamav_upx_heap.txt
> to the code present in the source of libclamav1_0.84-2.sarge.9_i386.deb
> it seems to me that the current stable version of libclamav1 is
> vulnerable.
>
> Can you confirm/deny this? IMHO stable should be fixed?!
>
> I can supply a patch if needed.

I have done an upload to stable-security that fixes this vulnerability.
The security team have just not yet made the fixed version available.

Thanks,
--
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                       [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------