Hi Stephen, * Stephen Gran <[EMAIL PROTECTED]> [2008-07-16 16:39]: > Just a note for the bug report - I'm a little busy right now with job > hunting and interviewing and so forth. If someone wants to NMU either a > fixed version or the new upstream, that's fine with me.
a debdiff for an NMU is attached and archived on: http://people.debian.org/~nion/nmu-diff/clamav-0.93.1.dfsg-1_0.93.1.dfsg-1.1.patch Note that I noticed that there is an infrastructure for dpatch but you removed dpatch a few uploads ago and I didn't want to reintroduce it for the security upload and thus I patched the source code directly. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u clamav-0.93.1.dfsg/debian/changelog clamav-0.93.1.dfsg/debian/changelog --- clamav-0.93.1.dfsg/debian/changelog +++ clamav-0.93.1.dfsg/debian/changelog @@ -1,3 +1,13 @@ +clamav (0.93.1.dfsg-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * This update addresses the following security issue: + - CVE-2008-2713: A crafted petite file can trigger an out-of-bound + read operation in petite.c resulting in a denial of sevice + (Closes: #490925). + + -- Nico Golde <[EMAIL PROTECTED]> Wed, 16 Jul 2008 16:54:49 +0200 + clamav (0.93.1.dfsg-1) unstable; urgency=low * New upstream version only in patch2: unchanged: --- clamav-0.93.1.dfsg.orig/libclamav/petite.c +++ clamav-0.93.1.dfsg/libclamav/petite.c @@ -214,8 +214,14 @@ /* Let's compact data */ for (t = 0; t < j ; t++) { usects[t].raw = (t>0)?(usects[t-1].raw + usects[t-1].rsz):0; - if (usects[t].rsz != 0 && CLI_ISCONTAINED(buf, bufsz, buf + usects[t].raw, usects[t].rsz)) - memmove(buf + usects[t].raw, adjbuf + usects[t].rva, usects[t].rsz); + if (usects[t].rsz != 0) + if(CLI_ISCONTAINED(buf, bufsz, buf + usects[t].raw, usects[t].rsz)) { + memmove(buf + usects[t].raw, adjbuf + usects[t].rva, usects[t].rsz); + } else { + cli_dbgmsg("Petite: Skipping section %d, Raw: %x, RSize:%x\n", t, usects[t].raw, usects[t].rsz); + usects[t].raw = t>0 ? usects[t-1].raw : 0; + usects[t].rsz = 0; + } } /* Showtime!!! */
pgpuuMyug6i1M.pgp
Description: PGP signature