[Pkg-clamav-devel] [aiko at deepco.de: Bug#522744: clamav: DOS and filter bypass]
Michael Tautschnig
mt at debian.org
Mon Apr 6 15:04:25 UTC 2009
Hi all,
(Seems like I'll sometimes have net access here ... :-) )
A few days ago I had already added a lenny-security branch in our git repo that
includes patches supplied by Scott to fix the non-rar issues. Anyone with a bit
of time left is invited to ping team at security.debian.org with the suggested
changes.
Best,
Michael
----- Forwarded message from Aiko Barz <aiko at deepco.de> -----
Date: Mon, 06 Apr 2009 10:32:20 +0200
From: Aiko Barz <aiko at deepco.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: [Pkg-clamav-devel] Bug#522744: clamav: DOS and filter bypass
X-Mailer: reportbug 3.48
Reply-To: Aiko Barz <aiko at deepco.de>, 522744 at bugs.debian.org
Package: clamav
Version: 0.94.dfsg.2-1
Severity: important
DOS against clamav with prepared tar archives:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
(Fixed in 0.95)
Filter bypass with prepared rar archives:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1467
(Fixed in 0.95. Alright, doesn't matter on Debian...)
detect-broken is broken: Floating point exception
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1335
(Fixed in 0.95)
-- Package-specific info:
[...]
_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel at lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20090406/a11c562d/attachment.pgp>
More information about the Pkg-clamav-devel
mailing list