Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
DSA-1680-1 clamav -- buffer overflow, stack consumption
Date Reported: 04 Dec 2008
In the Debian bugtracking system: Bug 505134, Bug 507624.
In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314.
Hello,
Im quite new at this so forgive me if i ask stupid questions.
We have Debian Etch with the volatile clamav installed. This is
the version:
0.94.dfsg.1-1~volatile1
That is the one affected if i am not mistaking.
We have the volatile archive in the apt-get sources list:
http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
But the fix is nor queued nor downloaded.
Isn't it so that apt-get always checks for updates and fixes from programs
previously installed by apt-get? (I guess that is the case with us because
the current version appears with dpkg -l).
Thanks a lot for your answer.
With kind regards,
Tony
Reply to: