Bug#706148: pu: package clamav/0.97.8+dfsg-1~squeeze1
On Saturday, April 27, 2013 11:43:08 AM Adam D. Barratt wrote:
> Control: tags -1 + pending
>
> On Thu, 2013-04-25 at 08:53 -0400, Scott Kitterman wrote:
> > New clamav release with security fixes, all the usual reasons ....
> >
> > 0.97.8
> > ------
> > ClamAV 0.97.8 addresses several reported potential security bugs. Thanks
> > to Felix Groebert of the Google Security Team for finding and reporting
> > these issues.
>
> Flagged for acceptance in to p-u; thanks.
>
> I've also aged the unstable upload so we can get the fixes in to wheezy
> more quickly. Once that's sorted we can look at an SUA.
>
> Regards,
>
> Adam

Here's a rough of the SUA:

Debian Stable Updates Announcement SUA 33-1       http://www.debian.org
debian-release@lists.debian.org                         Scott Kitterman
April 28th, 2013
-----------------------------------------------------------------------

Package    : clamav
Version    : 0.97.8+dfsg-1~squeeze1
Importance : medium

Upstream published version 0.97.8.

This is a bugfix release. The changes are not strictly required for
operation, but users of the previous version in squeeze may not be
able to make use of all current virus signatures and may get warnings.

The bug fixes that are part of this release include security-relevant
fixes. Felix Groebert of the Google Security Team discovered
multiple security issues with clamav. An attacker could use these
to cause clamav to crash, resulting in a denial of service, or possibly
execute arbitrary code. If you use clamav, we highly recommend you
upgrade to this version.

[the impact is wishy-washy because we don't actually know what the impacts
are and no one (AFAICT) is telling]

Scott K