Security fixes from clamav 0.95 need backport

Bug #354189 reported by Scott Kitterman
2
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
New
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: clamav

Clamav 0.95 included patches for two security issues:

 *libclamav/pe.c: division by zero with --detect-broken (bb#1335) (Denial of
   service)
 * libclamav/untar.c: infloop in tar.c (bb#1462) (Denial of Service)

Fixed in Jaunty by 0.95. Open for other Ubuntu releases.

CVE References

Revision history for this message
Scott Kitterman (kitterman) wrote :

Fixed in Intrepid.

Changed in clamav (Ubuntu Intrepid):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.