Re: DSA-887-1 clamav -- several vulnerabilities
Hi,
* Simonelli, Anthony M (asimonelli@acacorp.com) [051111 17:36]:
> I know that the security fixes have been made for the following branches of Debian:
>
> For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.6.
>
> For the unstable distribution (sid) these problems have been fixed in version 0.87.1-1
>
> But the version I am running on my server is 0.87.1-0volatile.3. Does this include the fix in the Debian Security Advisory report DSA-887-1 clamav ?
Please see VUA 7-1,
http://lists.debian.org/debian-volatile-announce/debian-volatile-announce-2005/msg00009.html
for details of this version. It fixes the following bugs:
CVE-2005-3239 : Possible loop in ole2_extract in parsing the property tree
CVE-2005-3303 : Heap overflow in ClamAV's FSG module
CVE-2005-3500 : DoS in CAB parsing
CVE-2005-3501 : DoS in mspack parsing
DSA 887-1 fixes the same bugs, see http://www.debian.org/security/2005/dsa-887.
BTW, it might be a good idea to subscribe to debian-volatile-announce,
as that list tells you about new updates.
Regards,
Andi
--
http://home.arcor.de/andreas-barth/
Reply to: