Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
From: Johannes Wiedersich <jowied@googlemail.com>
Date: Wed, 10 Dec 2008 00:20:48 +0100
Message-id: <[🔎] 493EFD50.6010503@googlemail.com>
In-reply-to: <[🔎] 493F02E6020000AD00003801@mailserver.mapperlithography.com>
References: <[🔎] 493F02E6020000AD00003801@mailserver.mapperlithography.com>

Mapper ict department wrote:
> DSA-1680-1 clamav -- buffer overflow, stack consumption
> Date Reported: 04 Dec 2008
> In the Debian bugtracking system: Bug 505134, Bug 507624.
> In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314.

[snip]

> We have the volatile archive in the apt-get sources list:
> 
> http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
> 
> But the fix is nor queued nor downloaded.
> 
> Isn't it so that apt-get always checks for updates and fixes from programs
> previously installed by apt-get? (I guess that is the case with us because
> the current version appears with dpkg -l).

Have you security support activated for your apt?

Add the line

deb http://security.debian.org/ stable/updates main

to your /etc/apt/sources.list (as described in the security announcement).

HTH,

Johannes

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
  - From: "Mapper ict department" <ict@mapperlithography.com>

Prev by Date: Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
Next by Date: RE: I need to see open connections this moment - With Iptables i can only see logs
Previous by thread: Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
Next by thread: Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
Index(es):
- Date
- Thread