Hello all, I have just uploaded a version of clamav to t-p-u to fix 3 security issues, and two translations. Changelog and code related changes are below. I would appreciate an unblock on this package. Thanks, Index: debian/changelog =================================================================== --- debian/changelog (.../0.88.7-1) (revision 341) +++ debian/changelog (.../0.88.7-2) (revision 341) @@ -1,3 +1,15 @@ +clamav (0.88.7-2) testing-proposed-updates; urgency=high + + * CVE unavailable at last upload was CVE-2006-6481 + * New translation: + - es.po (closes: #402668) + - gl.po (closes: #407281) + * [CVE-2007-0897] CAB File Denial of Service Vulnerability + * [CVE-2007-0898] MIME Parsing Directory Traversal Vulnerability + * [CVE-2007-0899] Possible heap overflow in libclamav/fsg.c + + -- Stephen Gran <sgran@debian.org> Fri, 16 Feb 2007 01:02:39 +0000 + clamav (0.88.7-1) unstable; urgency=medium * New upstream version Index: libclamav/mbox.c =================================================================== --- libclamav/mbox.c (.../0.88.7-1) (revision 341) +++ libclamav/mbox.c (.../0.88.7-2) (revision 341) @@ -3605,6 +3605,8 @@ char outname[NAME_MAX + 1]; time_t now; + sanitiseName(id); + snprintf(outname, sizeof(outname) - 1, "%s/%s", dir, id); cli_dbgmsg("outname: %s\n", outname); Index: libclamav/filetypes.c =================================================================== --- libclamav/filetypes.c (.../0.88.7-1) (revision 341) +++ libclamav/filetypes.c (.../0.88.7-2) (revision 341) 
@@ -59,7 +59,7 @@ {0, "\037\213", 2, "GZip", CL_TYPE_GZ}, {0, "BZh", 3, "BZip", CL_TYPE_BZ}, {0, "SZDD", 4, "compress.exe'd", CL_TYPE_MSSZDD}, - {0, "MSCF", 4, "MS CAB", CL_TYPE_MSCAB}, + /* {0, "MSCF", 4, "MS CAB", CL_TYPE_MSCAB}, */ {0, "ITSF", 4, "MS CHM", CL_TYPE_MSCHM}, {0, "#@~^", 4, "SCRENC", CL_TYPE_SCRENC}, {0, "(This file must be converted with BinHex 4.0)", Index: libclamav/fsg.c =================================================================== --- libclamav/fsg.c (.../0.88.7-1) (revision 341) +++ libclamav/fsg.c (.../0.88.7-2) (revision 341) @@ -72,7 +72,8 @@ char *csrc = source, *cdst = dest; int oob, lostbit = 1; - /* I assume buffers size is >0 - No checking! */ + if (ssize<=0 || dsize<=0) return -1; + *cdst++=*csrc++; while ( 1 ) { -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
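Review bot: the changelog entry "[CVE-2007-0897] CAB File Denial of Service Vulnerability" does not say how the issue is addressed, and the only CAB-related change in this patch is the filetypes.c hunk that comments out the "MSCF" magic entry, i.e. it disables CAB type detection rather than fixing the CAB parser. Since that removes a scanning capability for t-p-u users, the changelog line should state it plainly, e.g. "Disable CAB archive detection (libclamav/filetypes.c) to mitigate CVE-2007-0897", so the coverage change is visible to anyone reading the package history.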
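Review bot: the mbox.c hunk adds a call to `sanitiseName(id)` but the diff contains no definition or declaration of `sanitiseName`, so either the function already exists in 0.88.7 or the patch is incomplete; please confirm which, and that it rewrites the `id` buffer in place (the value is discarded, and `id` is passed unchanged into `snprintf(outname, sizeof(outname) - 1, "%s/%s", dir, id)` on the next line). For CVE-2007-0898 the property that matters is that `id` can no longer contain `/` or `..` components after the call, so a short comment at the call site stating that contract, and the CVE number, would make the fix easier to audit and keep.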
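Review bot: in the filetypes.c hunk the "MSCF" entry is only commented out, with no explanation, which invites someone to re-enable it during a later merge without knowing why it was removed; add a comment such as `/* disabled for CVE-2007-0897: CAB parser DoS */` next to the commented line. Note also that CAB files will now fall through to the remaining magic entries and be scanned as opaque data without archive extraction, and that `CL_TYPE_MSCAB` and the CAB parser code still exist elsewhere in libclamav (any other path that assigns or dispatches on that type is unaffected by this table edit).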
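Review bot: the fsg.c hunk replaces the "I assume buffers size is >0 - No checking!" comment with `if (ssize<=0 || dsize<=0) return -1;`, which correctly guards the unconditional `*cdst++=*csrc++;` that follows, but only that first byte: the `while ( 1 )` loop below, which is not in the diff, must still account for the buffers now being one byte shorter when it does its `oob` checks. Two things to verify before accepting: that the callers of this routine treat a -1 return as a hard failure rather than a byte count, and that `ssize`/`dsize` are signed types (if either is unsigned, `<=0` silently degrades to `==0` and the compiler may warn about the comparison).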