Your message dated Wed, 16 Jul 2008 17:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#490925: fixed in clamav 0.93.1.dfsg-1.1
has caused the Debian Bug report #490925,
regarding CVE-2008-2713: DoS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
490925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490925
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libclamav4
Severity: grave
Tags: security, patch
Justification: user security hole


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.

CVE-2008-2713[0]:
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
| cause a denial of service via a crafted Petite file that triggers an
| out-of-bounds read.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The DTSA released for this issue seems to have been incomplete. Please
see this mail[1] and the additional upstream commit[2].

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
    http://security-tracker.debian.net/tracker/CVE-2008-2713

[1] http://www.openwall.com/lists/oss-security/2008/07/15/1

[2] http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920



--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.93.1.dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.93.1.dfsg-1.1_all.deb
  to pool/main/c/clamav/clamav-base_0.93.1.dfsg-1.1_all.deb
clamav-daemon_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/clamav-daemon_0.93.1.dfsg-1.1_amd64.deb
clamav-dbg_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/clamav-dbg_0.93.1.dfsg-1.1_amd64.deb
clamav-docs_0.93.1.dfsg-1.1_all.deb
  to pool/main/c/clamav/clamav-docs_0.93.1.dfsg-1.1_all.deb
clamav-freshclam_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/clamav-freshclam_0.93.1.dfsg-1.1_amd64.deb
clamav-milter_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/clamav-milter_0.93.1.dfsg-1.1_amd64.deb
clamav-testfiles_0.93.1.dfsg-1.1_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.93.1.dfsg-1.1_all.deb
clamav_0.93.1.dfsg-1.1.diff.gz
  to pool/main/c/clamav/clamav_0.93.1.dfsg-1.1.diff.gz
clamav_0.93.1.dfsg-1.1.dsc
  to pool/main/c/clamav/clamav_0.93.1.dfsg-1.1.dsc
clamav_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/clamav_0.93.1.dfsg-1.1_amd64.deb
libclamav-dev_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/libclamav-dev_0.93.1.dfsg-1.1_amd64.deb
libclamav4_0.93.1.dfsg-1.1_amd64.deb
  to pool/main/c/clamav/libclamav4_0.93.1.dfsg-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Jul 2008 16:54:49 +0200
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav4 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.93.1.dfsg-1.1
Distribution: unstable
Urgency: high
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav4 - anti-virus utility for Unix - library
Closes: 490925
Changes: 
 clamav (0.93.1.dfsg-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update addresses the following security issue:
     - CVE-2008-2713: A crafted petite file can trigger an out-of-bound
       read operation in petite.c resulting in a denial of service
       (Closes: #490925).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkh+KggACgkQHYflSXNkfP83ZQCeOXJ32IOuVIicOrOyL63s0LgA
jOQAn2y0ZuXFsAMXulU5ANXbsW/8vU7h
=QfUY
-----END PGP SIGNATURE-----



--- End Message ---
