[Pkg-clamav-devel] Bug#775499: libmspack: off-by-one(?) buffer under-read in mspack/lzxd.c

Package: libmspack0 Version: 0.4-3 Usertags: afl There's an off-by-one(?) buffer under-read in mspack/lzxd.c. To reproduce the bug, rebuild libmspack with -fsanitize=address and run: $ test/cabd_md5 lzxd-under-read.cab *** lzxd-under-read.cab ERROR; file "test1.txt" cannot be extracted, cabine

[Pkg-clamav-devel] Bug#775498: libmspack: off-by-one buffer over-read in mspack/mszipd.c

Package: libmspack0 Version: 0.4-3 Tags: patch Usertags: afl There's an off-by-one buffer over-read in mspack/mszipd.c; please see the attached patch. I don't believe it's exploitable, but I could be wrong. To reproduce the bug, rebuild libmspack with -fsanitize=address and run: $ test/cab

Re: [Pkg-clamav-devel] Bug#773659: cabextract: null pointer dereference on a crafted CAB

On 2015-01-15 01:52:05 [+], Stuart Caie wrote: > I am now. I've sense-checked the patch for 774726 and it passes my test > suite, so it's now committed to the repository. I'm doing the same for > 774725. Great, thanks. > >In total Jakub reported four issues. > I thank him for it! libmspack is

[Pkg-clamav-devel] Bug#775400: Bug#775400: clamav-freshclam: freshclam cant download virus definitions

On 2015-01-15 23:50:02 [+0100], Andreas Cadhalpun wrote: > Hi, Hi, > Indeed, it works for most, so I'm reducing the severity. thanks. > I can reproduce this in a minimal jessie chroot with: > # apt install clamav-base > # apt remove clamav-base > # apt install clamav-base Hah. How so? After my r

[Pkg-clamav-devel] Bug#775400: Bug#775400: clamav-freshclam: freshclam cant download virus definitions

Hi Sebastian, On 16.01.2015 21:45, Sebastian Andrzej Siewior wrote: On 2015-01-15 23:50:02 [+0100], Andreas Cadhalpun wrote: I can reproduce this in a minimal jessie chroot with: # apt install clamav-base # apt remove clamav-base # apt install clamav-base Hah. How so? After my remove, "/var/l

[Pkg-clamav-devel] Bug#775400: clamav-freshclam: freshclam cant download virus definitions

On 2015-01-16 21:45:35 [+0100], Sebastian Andrzej Siewior wrote: > > I can reproduce this in a minimal jessie chroot with: > > # apt install clamav-base > > # apt remove clamav-base > > # apt install clamav-base > > Hah. How so? After my remove, "/var/lib/clamav/" was still owned by > clamav:clama

[Pkg-clamav-devel] Bug#775400: Bug#775400: clamav-freshclam: freshclam cant download virus definitions

On Fri, Jan 16, 2015 at 11:59:23PM +0100, Andreas Cadhalpun wrote: > Hi Sebastian, Hi Andreas, > The directory /var/lib/clamav is only removed by dpkg if it is empty. I just learned that… > Debconf can only be used to change under which user clamd is run. > The dbowner is hardcoded to clamav in c