
Re: [VUA 51-1] Updated clamav version



Hi Andreas,

Thanks for the note.
Yet it seems like the Packages files on volatile.debian.org and its
mirrors do not reflect availability of the new version.

Sincerely,

Etienne



Andreas Barth wrote:
> ---------------------------------------------------------------------------
> Debian Volatile Update Announcement VUA 51-1     http://volatile.debian.org
> debian-volatile@lists.debian.org                               Stephen Gran
> Dec 11, 2008
> ---------------------------------------------------------------------------
> 
> Package              : clamav
> Version              : 0.94.dfsg.2-1~volatile1
> Importance           : medium
> CVE IDs              : CVE-2008-5050 CVE-2008-5314
> 
> The following security flaws were found and fixed in clamav:
> 
> CVE-2008-5050
> 
>     Off-by-one error in the get_unicode_name function
>     (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1
>     allows remote attackers to cause a denial of service (crash) or
>     possibly execute arbitrary code via a crafted VBA project file,
>     which triggers a heap-based buffer overflow.
> 
> CVE-2008-5314 
> 
>     Stack consumption vulnerability in libclamav/special.c in
>     ClamAV before 0.94.2 allows remote attackers to cause a denial
>     of service (daemon crash) via a crafted JPEG file, related
>     to the cli_check_jpeg_exploit, jpeg_check_photoshop, and
>     jpeg_check_photoshop_8bim functions.
> 
> 
> If you use clamav, we recommend you upgrade to this version.
> 
> 
> Upgrade Instructions
> --------------------
> 
> You can get the updated packages at
> 
> http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav
> 
> and install them with dpkg, or add 
> 
>  deb http://volatile.debian.org/debian-volatile etch/volatile main
>  deb-src http://volatile.debian.org/debian-volatile etch/volatile main
> 
> to your /etc/apt/sources.list. You can also use any of our mirrors.  See
> http://www.debian.org/volatile/volatile-mirrors for the full list of
> mirrors.  The archive signing keys can be downloaded from
> http://volatile.debian.org/ziyi-etch.asc and additionally was included in
> the stable point release r1 in Debian Etch.
> 
> For further information about debian-volatile, please refer to
> http://www.debian.org/volatile/.
> 
> If there are any issues, please don't hesitate to get in touch with the
> debian-volatile team.

