Hello all,
I have just uploaded a version of clamav to t-p-u to fix 3 security
issues, and two translations. Changelog and code related changes are
below.
I would appreciate an unblock on this package.
Thanks,
Index: debian/changelog
===================================================================
--- debian/changelog (.../0.88.7-1) (revision 341)
+++ debian/changelog (.../0.88.7-2) (revision 341)
@@ -1,3 +1,15 @@
+clamav (0.88.7-2) testing-proposed-updates; urgency=high
+
+ * CVE unavailable at last upload was CVE-2006-6481
+ * New translation:
+ - es.po (closes: #402668)
+ - gl.po (closes: #407281)
+ * [CVE-2007-0897] CAB File Denial of Service Vulnerability
+ * [CVE-2007-0898] MIME Parsing Directory Traversal Vulnerability
+ * [CVE-2007-0899] Possible heap overflow in libclamav/fsg.c
+
+ -- Stephen Gran <sgran@debian.org> Fri, 16 Feb 2007 01:02:39 +0000
+
clamav (0.88.7-1) unstable; urgency=medium
* New upstream version
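Review bot: the changelog entry for CVE-2007-0897 does not say how the CAB denial of service is addressed; the accompanying libclamav/filetypes.c hunk simply comments out the "MSCF" signature, which disables CAB detection rather than fixing the CAB parser. For a t-p-u upload the release team should be told explicitly that CAB archives will no longer be unpacked and scanned as archives, so a line such as " * Disable CAB file type detection as a workaround for CVE-2007-0897" would make the trade-off visible in the package history. The hunk header also announces 15 lines in the new range but only two unchanged context lines follow the inserted entry, so the diff as pasted here appears to have lost a line of trailing context.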
Index: libclamav/mbox.c
===================================================================
--- libclamav/mbox.c (.../0.88.7-1) (revision 341)
+++ libclamav/mbox.c (.../0.88.7-2) (revision 341)
@@ -3605,6 +3605,8 @@
char outname[NAME_MAX + 1];
time_t now;
+ sanitiseName(id);
+
snprintf(outname, sizeof(outname) - 1, "%s/%s", dir, id);
cli_dbgmsg("outname: %s\n", outname);
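Review bot: the directory traversal fix rests entirely on sanitiseName(), which is not in this diff, so a reviewer cannot confirm from the hunk alone that it rejects path separators and ".." components in `id` before it is joined with `dir` in the snprintf() on the next line. If sanitiseName() is new code (rather than an existing helper in 0.88.7) the hunk that adds it should be included in the unblock request; if it already exists, a pointer to its definition would help. Minor: `sizeof(outname) - 1` as the snprintf() size is unnecessary since snprintf() already reserves room for the terminating NUL, though it is harmless.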
Index: libclamav/filetypes.c
===================================================================
--- libclamav/filetypes.c (.../0.88.7-1) (revision 341)
+++ libclamav/filetypes.c (.../0.88.7-2) (revision 341)
@@ -59,7 +59,7 @@
{0, "\037\213", 2, "GZip", CL_TYPE_GZ},
{0, "BZh", 3, "BZip", CL_TYPE_BZ},
{0, "SZDD", 4, "compress.exe'd", CL_TYPE_MSSZDD},
- {0, "MSCF", 4, "MS CAB", CL_TYPE_MSCAB},
+ /* {0, "MSCF", 4, "MS CAB", CL_TYPE_MSCAB}, */
{0, "ITSF", 4, "MS CHM", CL_TYPE_MSCHM},
{0, "#@~^", 4, "SCRENC", CL_TYPE_SCRENC},
{0, "(This file must be converted with BinHex 4.0)",
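Review bot: commenting out the "MSCF" entry removes CAB detection entirely instead of fixing the parser, so any content inside a CAB archive will no longer be unpacked and scanned after this upload. That is a functional regression in detection coverage, not just a hardening change, and it should be stated in the changelog and, ideally, in a NEWS entry so administrators know why CAB handling changed; it is also worth noting whether upstream's own fix for CVE-2007-0897 repairs the parser, in which case a later upload could restore this line.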
Index: libclamav/fsg.c
===================================================================
--- libclamav/fsg.c (.../0.88.7-1) (revision 341)
+++ libclamav/fsg.c (.../0.88.7-2) (revision 341)
@@ -72,7 +72,8 @@
char *csrc = source, *cdst = dest;
int oob, lostbit = 1;
- /* I assume buffers size is >0 - No checking! */
+ if (ssize<=0 || dsize<=0) return -1;
+
*cdst++=*csrc++;
while ( 1 ) {
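Review bot: the new `if (ssize<=0 || dsize<=0) return -1;` only guards the initial one-byte copy `*cdst++=*csrc++;`; it does not by itself bound the `while ( 1 )` loop that follows, which is outside this hunk, so the unblock request should state whether the loop already checks `csrc`/`cdst` against `ssize`/`dsize` on every step or whether this single check is the whole of the CVE-2007-0899 fix. Please also confirm that every caller of this function handles the newly introduced -1 return rather than treating the result as a length. Style: the surrounding code uses spaces around operators, so `ssize <= 0 || dsize <= 0` would match.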
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------