reopen 490925
thanks

On Tue, 15 Jul 2008 10:21:51 pm Stephen Gran wrote:
> close 490925 0.90.1dfsg-3etch12
> close 490925 0.93.1.dfsg-volatile1
> close 490925 0.93.1.dfsg-1
> thanks
>
> This one time, at band camp, Steffen Joeris said:
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for clamav.
> >
> > CVE-2008-2713[0]:
> > | libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
> > | cause a denial of service via a crafted Petite file that triggers an
> > | out-of-bounds read.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE id in your changelog entry.
> >
> > The DTSA released for this issue seems to have been incomplete. Please
> > see this mail[1] and the additional upstream commit[2].
>
> This has been uploaded for a while. Thanks for the report. I don't
> know where the security upload has gone, the upload file says:

Neither the stable-security upload, nor the testing-security upload addresses
the new report. Also, I cannot see that the unstable version fixes it. I
haven't checked volatile.
Please check the email and upstream commit I pointed to in the first email and
bear in mind that the original upstream fix was incomplete.

> 2008-06-16 23:22 clamav_0.90.1dfsg-3etch12_i386.upload
>
> So it's been uploaded for quite a while, but I don't see it on the
> mirrors.

It has not yet been released and lies in the queue.

Cheers
Steffen