Your message dated Fri, 1 Aug 2008 10:50:14 +0000 (UTC)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#490925: fixed in clamav 0.93.1.dfsg-volatile1.1
has caused the Debian Bug report #490925,
regarding CVE-2008-2713: DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
490925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490925
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libclamav4
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.
CVE-2008-2713[0]:
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
| cause a denial of service via a crafted Petite file that triggers an
| out-of-bounds read.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
The DTSA released for this issue seems to have been incomplete. Please
see this mail[1] and the additional upstream commit[2].
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
http://security-tracker.debian.net/tracker/CVE-2008-2713
[1] http://www.openwall.com/lists/oss-security/2008/07/15/1
[2] http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.93.1.dfsg-volatile1.1
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the volatile.debian.org FTP archive:
clamav-base_0.93.1.dfsg-volatile1.1_all.deb
to pool/volatile/main/c/clamav/clamav-base_0.93.1.dfsg-volatile1.1_all.deb
clamav-daemon_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/clamav-daemon_0.93.1.dfsg-volatile1.1_powerpc.deb
clamav-dbg_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/clamav-dbg_0.93.1.dfsg-volatile1.1_powerpc.deb
clamav-docs_0.93.1.dfsg-volatile1.1_all.deb
to pool/volatile/main/c/clamav/clamav-docs_0.93.1.dfsg-volatile1.1_all.deb
clamav-freshclam_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/clamav-freshclam_0.93.1.dfsg-volatile1.1_powerpc.deb
clamav-milter_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/clamav-milter_0.93.1.dfsg-volatile1.1_powerpc.deb
clamav-testfiles_0.93.1.dfsg-volatile1.1_all.deb
to pool/volatile/main/c/clamav/clamav-testfiles_0.93.1.dfsg-volatile1.1_all.deb
clamav_0.93.1.dfsg-volatile1.1.diff.gz
to pool/volatile/main/c/clamav/clamav_0.93.1.dfsg-volatile1.1.diff.gz
clamav_0.93.1.dfsg-volatile1.1.dsc
to pool/volatile/main/c/clamav/clamav_0.93.1.dfsg-volatile1.1.dsc
clamav_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/clamav_0.93.1.dfsg-volatile1.1_powerpc.deb
libclamav-dev_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/libclamav-dev_0.93.1.dfsg-volatile1.1_powerpc.deb
libclamav4_0.93.1.dfsg-volatile1.1_powerpc.deb
to pool/volatile/main/c/clamav/libclamav4_0.93.1.dfsg-volatile1.1_powerpc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
volatile.debian.org distribution maintenance software
pp.
Gerfried Fuchs <[EMAIL PROTECTED]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 01 Aug 2008 12:17:43 +0200
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter libclamav4 clamav-base
clamav-freshclam clamav-testfiles clamav-daemon clamav-docs
Architecture: source powerpc all
Version: 0.93.1.dfsg-volatile1.1
Distribution: etch-volatile
Urgency: high
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Gerfried Fuchs <[EMAIL PROTECTED]>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav4 - anti-virus utility for Unix - library
Closes: 490925
Changes:
clamav (0.93.1.dfsg-volatile1.1) etch-volatile; urgency=low
.
* Rebuild for etch-volatile.
.
clamav (0.93.1.dfsg-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* This update addresses the following security issue:
- CVE-2008-2713: A crafted petite file can trigger an out-of-bound
read operation in petite.c resulting in a denial of service
(Closes: #490925).
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkiS6IgACgkQELuA/Ba9d8b6IgCfW9fVl0IsFJtUIPtOi+FQoDBd
+vkAn1Y5x8Wz8g/qcIInSJ7+edi/1nAi
=yjWg
-----END PGP SIGNATURE-----
--- End Message ---