This bug was fixed in the package clamav - 0.96.3+dfsg-2ubuntu1.2
---
clamav (0.96.3+dfsg-2ubuntu1.2) maverick-security; urgency=low
* SECURITY UPDATE: Backport security fixes from 0.96.5 (LP: #673654):
- (simple port from Scott Kitterman's debdiff for natty)
- libclamav/pdf
This bug was fixed in the package clamav - 0.96.3+dfsg-
2ubuntu1.0.10.04.2
---
clamav (0.96.3+dfsg-2ubuntu1.0.10.04.2) lucid-security; urgency=low
* SECURITY UPDATE: Backport security fixes from 0.96.5 (LP: #673654):
- (simple port from Scott Kitterman's debdiff for natty)
-
Also, it would be great if there are proof of concept documents for
these issues that testcases based on them be added to the lp:qa-
regression-testing tests for clamav.py (i.e. http://bazaar.launchpad.net
/~ubuntu-bugcontrol/qa-regression-
testing/master/annotate/head%3A/scripts/test-clamav.py )
Hi Serge,
I've gone ahead and uploaded clamav packages to the ubuntu-security-
proposed ppa at https://launchpad.net/~ubuntu-security-
proposed/+archive/ppa/ ; please test and report feedback here.
In doing so, I ran in to a few issues with your debdiff, mostly having
to do with your changelog en
And backports is already fixed for all releases.
** Also affects: clamav (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: clamav (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: clamav (Ubuntu Natty)
Importance: Medium
Status: Fi
Does not apply to karmic (or hardy or dapper, of course).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/673654
Title:
Upcoming clamav release with security fixes
--
Ubuntu-server-
** Attachment added: "debdiff for lucid"
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/673654/+attachment/1757471/+files/luciddebdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.
** Attachment added: "debdiff for maverick"
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/673654/+attachment/1757464/+files/mavdebdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad
This is already fixed in natty.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/673654
Title:
Upcoming clamav release with security fixes
--
Ubuntu-server-bugs mailing list
Ubuntu-s
> "1) Multiple errors within the processing of PDF files can be
> exploited to e.g. cause a crash.
Please use CVE-2010-4260
>
> 2) An off-by-one error within the "icon_cb()" function can be
> exploited to cause a memory corruption."
>
Please use CVE-2010-4261
** CVE added: http://www.cve.mitr
the text should be something like that in the README
sort of
0.96.5 resolves two issues:
an out of bound read in the pdf module and an of by one in the icon
parser
vulnerability: buffer overflow / dos
--
You received this bug notification because you are a member of Ubuntu
Server Team, whic
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/673654
Title:
Upcoming clamav release with security fixes
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@
Natty fix.
** Attachment added: "Fix patch"
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/673654/+attachment/1752069/+files/debdiff
** Changed in: clamav (Ubuntu)
Status: Confirmed => Fix Committed
--
Upcoming clamav release with security fixes
https://bugs.launchpad.net/bugs
Agree, these look a bit scary.
** Changed in: clamav (Ubuntu)
Status: New => Confirmed
** Changed in: clamav (Ubuntu)
Importance: Undecided => Medium
--
Upcoming clamav release with security fixes
https://bugs.launchpad.net/bugs/673654
You received this bug notification because you ar
git clone git://git.clamav.net/git/clamav-devel
And then look at commits 019f1955194360600ecf0644959ceca6734c2d7b and
1f3db7f074995bd4e1d0183b2db8b1c472d2f41b - These are the ones that
likely have security implications.
--
Upcoming clamav release with security fixes
https://bugs.launchpad.net/bu
0.95.5 is out now. Having a look at Git to see if I can find these.
** Visibility changed to: Public
--
Upcoming clamav release with security fixes
https://bugs.launchpad.net/bugs/673654
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cl
16 matches
Mail list logo
