[Pkg-clamav-devel] clamav_0.99.3~beta1+dfsg-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 06 Aug 2017 22:13:23 +0200 Source: clamav Binary: clamav-base clamav-docs clamav libclamav-dev libclamav7 clamav-daemon clamdscan clamav-testfiles clamav-freshclam clamav-milter Architecture: source Version: 0.99.3~beta1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: ClamAV TeamChanged-By: Sebastian Andrzej Siewior Description: clamav - anti-virus utility for Unix - command-line interface clamav-base - anti-virus utility for Unix - base package clamav-daemon - anti-virus utility for Unix - scanner daemon clamav-docs - anti-virus utility for Unix - documentation clamav-freshclam - anti-virus utility for Unix - virus database update utility clamav-milter - anti-virus utility for Unix - sendmail integration clamav-testfiles - anti-virus utility for Unix - test files clamdscan - anti-virus utility for Unix - scanner client libclamav-dev - anti-virus utility for Unix - development files libclamav7 - anti-virus utility for Unix - library Changes: clamav (0.99.3~beta1+dfsg-1) unstable; urgency=medium . * Upload to unstable * update to official beta1 release: - drop fts-no-use-AC_TRY_RUN.patch, applied upstream. Checksums-Sha1: 47780bc9c2498f22684dca9afbd33ae14fe396eb 3089 clamav_0.99.3~beta1+dfsg-1.dsc b936f63d16b33e26c283985ffe8cf84c1ad33dc4 5883052 clamav_0.99.3~beta1+dfsg.orig.tar.xz 76c620838b0dfb895d2359b92ba13379beabcce8 215856 clamav_0.99.3~beta1+dfsg-1.debian.tar.xz 4e0d38023c94da16f36dd9f7194803b2cc2934df 7357 clamav_0.99.3~beta1+dfsg-1_source.buildinfo Checksums-Sha256: 1f1f8c37c8946fc4bf0eff9b91a08442cc67be65ce43fdd164b504d2784fca2e 3089 clamav_0.99.3~beta1+dfsg-1.dsc 25ddeb1fca1b6f44f5985b0dfaae68413b51a5c6dd79e28b428d819760f7c020 5883052 clamav_0.99.3~beta1+dfsg.orig.tar.xz f03525b4312bed6efaf59bda88e53abea0e1088fe5516c03372cfd5113e55b03 215856 clamav_0.99.3~beta1+dfsg-1.debian.tar.xz 35ab2160f3a9eb4dfeb7c294d9b3ca49b321923da466a0bd28d59f1ad7651ab2 7357 clamav_0.99.3~beta1+dfsg-1_source.buildinfo Files: c46b3c8517d72b1d7a3ff9ec707869eb 3089 utils optional clamav_0.99.3~beta1+dfsg-1.dsc 04f2220cdaeea29b7938b14001909a39 5883052 utils optional clamav_0.99.3~beta1+dfsg.orig.tar.xz e2de5e67814de2e626de1168aad1c26d 215856 utils optional clamav_0.99.3~beta1+dfsg-1.debian.tar.xz 65b7e1101c8edd30391e21240690a7ba 7357 utils optional clamav_0.99.3~beta1+dfsg-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEErHvQgQWZUb1RregAT+XjJihy5MwFAlmHiN8ACgkQT+XjJihy 5MxPrw//WrI3xS28LKQFt9yygWFaygosAwRP2gQOAaMhrfd0dSoA+Ra09na5BfsV 6wtAI3UkhaIch2BvGkz8FoWTz+Us2B6GeD/SXJgsyNKyW0Myt51ohKrQZ0uT89W3 Nz5hxXLDoNy7YpWI4Ij3l049UgAUxmH8bEx8pZjtaR1oqOwcVkSenZxDuS8U4F0Q 4Ct0LdZ4w3M9LtyK/Itb7uaOk040pbllgTlLRoM8DjzoIi4TZywzg0iDpzbzkFvi 8ZeYxMtlltlvwjeqw8sk+IoViBmwufLw5YtL6Nrl0H20JFrh/swKcFb2IlK8WNKp ykJgPiL4JiYY4BzxsxV+Bqo64TIfJtksMhoikQPxVqDn2JnftX+QkO69g2VCF7fg uF2Cuj4nFPaMLWt00rsRkCw8zpaKl/DJyTpAZb8AY87pBnxFwEGqrXDgg/JAsvcZ vRdqUEuA4MWFem/YLEZV5iwPf7rEMXmCVN0crZm2JPPDmD//AqyqS9wx6fsGKhuY sauGQYDaYh3qTvmekFgh5qCXQlmaWqv4vnGadE4kHm6EmzkQhuTBfh7tcWaYGa6G Ac6VnaVpepfZJU25jQCMv4+8YeWi6+jc49evz41QN0O9VA9mBlXGMaML7rBOQqyA sSo0eH3bRboe6BTU/jHueeNj1wRtMzFYQd5lGK2s47CI8mj3Vck= =Xblo -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
[Pkg-clamav-devel] Processing of clamav_0.99.3~beta1+dfsg-1_source.changes
clamav_0.99.3~beta1+dfsg-1_source.changes uploaded successfully to localhost along with the files: clamav_0.99.3~beta1+dfsg-1.dsc clamav_0.99.3~beta1+dfsg.orig.tar.xz clamav_0.99.3~beta1+dfsg-1.debian.tar.xz clamav_0.99.3~beta1+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
Re: [Pkg-clamav-devel] Bug#868956: libmspack: CVE-2017-11423
On 2017-08-06 10:22:11 [+0100], Stuart Caie wrote: > Commited a fix: > https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38 > > I'll put out a release in the near future. thank you Stuart. Marc do plan you upload something to unstable/security soon, wait for a new release or would you prefer someone else to NMU it with this change? > Regards > Stuart Sebastian ___ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
Re: [Pkg-clamav-devel] Bug#868956: libmspack: CVE-2017-11423
On 05/08/17 10:36, Stuart Caie wrote: libmspack is wrong to convert to unsigned without checking for errors first. When I get to my computer, I'll check all calls to mspack_system read/write/seek/tell methods, to be sure this doesn't happen anywhere else. I checked all the other mspack_system calls, they're handled correctly. Commited a fix: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38 I'll put out a release in the near future. Before fix, allowing N reads before always failing in cabd_memory.c sys->read(): Allow 3 reads -> mspack/cabd.c:528 (cabd_read_string) len=4294967295 Allow 4 reads -> mspack/cabd.c:528 (cabd_read_string) len=193 Allow 5 reads -> mspack/cabd.c:528 (cabd_read_string) len=193 mspack/cabd.c:528 (cabd_read_string) len=4294967295 Allow 6 reads -> mspack/cabd.c:528 (cabd_read_string) len=193 mspack/cabd.c:528 (cabd_read_string) len=169 After fix: Allowing 3 reads -> error caught and no len printed Allowing 4 reads -> mspack/cabd.c:531 (cabd_read_string) len=193 Allowing 5 reads -> mspack/cabd.c:531 (cabd_read_string) len=193, error caught and no len printed Allowing 6 reads -> mspack/cabd.c:531 (cabd_read_string) len=193 mspack/cabd.c:531 (cabd_read_string) len=169 Regards Stuart ___ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel