[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution



DSA-1680-1 clamav -- buffer overflow, stack consumption
Date Reported: 04 Dec 2008
In the Debian bugtracking system: Bug 505134, Bug 507624.
In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314.

Hello,

Im quite new at this so forgive me if i ask stupid questions.

We have Debian Etch with the volatile clamav installed. This is
the version:

0.94.dfsg.1-1~volatile1

That is the one affected if i am not mistaking.

We have the volatile archive in the apt-get sources list:

http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

But the fix is nor queued nor downloaded.

Isn't it so that apt-get always checks for updates and fixes from programs
previously installed by apt-get? (I guess that is the case with us because
the current version appears with dpkg -l).

Thanks a lot for your answer.

With kind regards,

Tony


Reply to: