Hi,

On Sat, Dec 20, 2014 at 12:12:13PM +0100, Andreas Cadhalpun wrote:
> Control: tags 773041 security
> Control: severity 773041 grave
> Justification: causes remote denial of service
>

For info, I saw this a few days ago and reported it to the security team. It is indeed available in the wild, and is caused by the malformed CAB file. The version in wheezy and wheezy-updates will need separate fixes, as they change how they use libmspack, though the actual fix seems to be fairly trivial. The version in sid/jessie uses the packaged libmspack, so it'll need fixing there.

> As it shows that clamd hangs in libmspack, I think this is bug
> #773041 [1]. A possible fix is mentioned in [2]. We'll have to
> include it in the libmspack copy embedded in clamav, which is used
> in wheezy.
>
> 1: https://bugs.debian.org/773041
> 2: https://bugs.debian.org/773041#8

Thanks,
Neil