Package: clamav
Version: 0.84-2.sarge.13
Severity: serious

All versions prior to 0.90 are suspected to be vulnerable to a resource consumption vulnerability in Clam AntiVirus' ClamAV that allows remote attackers to degrade the service of the clamd scanner.

E.g., legitimate email can be refused because of this bug.

v0.90RC1.1 is confirmed to be vulnerable. Upstream 0.90 fixes this.
A sarge security fix backport will probably be needed.

Ciao,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

Versions of packages clamav depends on:
ii  clamav-freshclam [cla 0.84-2.sarge.13      downloads clamav virus databases f
ii  libbz2-1.0            1.0.2-7              high-quality block-sorting file co
ii  libc6                 2.3.2.ds1-22sarge4   GNU C Library: Shared libraries an
ii  libclamav1            0.84-2.sarge.13      virus scanner library
ii  libcurl3              7.13.2-2sarge5       Multi-protocol file transfer libra
ii  libgmp3               4.1.4-6              Multiprecision arithmetic library
ii  libidn11              0.5.13-1.0           GNU libidn library, implementation
ii  libssl0.9.7           0.9.7e-3sarge4       SSL shared libraries
ii  zlib1g                1:1.2.2-4.sarge.2    compression library - runtime

-- no debconf information