close 490925 0.90.1dfsg-3etch12 close 490925 0.93.1.dfsg-volatile1 close 490925 0.93.1.dfsg-1 thanks
This one time, at band camp, Steffen Joeris said: > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for clamav. > > CVE-2008-2713[0]: > | libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to > | cause a denial of service via a crafted Petite file that triggers an > | out-of-bounds read. > > If you fix the vulnerability please also make sure to include the > CVE id in your changelog entry. > > The DTSA released for this issue seems to have been incomplete. Please > see this mail[1] and the additional upstream commit[2]. This has been uploaded for a while. Thanks for the report. I don't know where the security upload has gone, the upload file says: 2008-06-16 23:22 clamav_0.90.1dfsg-3etch12_i386.upload So it's been uploaded for quite a while, but I don't see it on the mirrors. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature