[Pkg-clamav-devel] Bug#635599: clamav: Please integrate upstream patch for off-by-one bug in matcher-hash.c

Robert Waldner waldner+bugs at cert.at
Wed Jul 27 13:14:45 UTC 2011 

Package: clamav
Version: 0.97.1+dfsg-1~lenny1
Severity: important
Tags: patch


Upstream has a bugreport incl. patch about (what I guess is) an off-by-one
error in matcher-hash.c, which makes clamscan crash when encountering
specific messages with specially-crafted hashes. 

See https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
Patch: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

Kind regards,
Robert Waldner


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav


Software settings
-----------------
Version: 0.97.1
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 JIT

Platform information
--------------------
uname: Linux 2.6.18-6-xen-686 #1 SMP Tue May 5 04:56:39 UTC 2009 i686
OS: linux-gnu, ARCH: i386, CPU: i486
Full OS version: Debian GNU/Linux 5.0.8 (lenny)
zlib version: 1.2.3.3 (1.2.3.3), compile flags: 55
Triple: i386-pc-linux-gnu
CPU: core2, Little-endian
platform id: 0x0a113d3d0404030201040302

Build information
-----------------
GNU C: 4.3.2 (4.3.2)
GNU C++: 4.3.2 (4.3.2)
CPPFLAGS: 
CFLAGS: -Wall -g -O2
CXXFLAGS: -Wall -g -O2
LDFLAGS: 
Configure: '--build=i486-linux-gnu' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-clamav' '--with-dbdir=/var/lib/clamav/' '--sysconfdir=/etc/clamav' '--enable-milter' '--disable-clamuko' '--with-gnu-ld' '--enable-dns-fix' '--disable-unrar' '--libdir=/usr/lib' '--with-system-tommath' '--with-ltdl-include=/usr/include' '--with-ltdl-lib=/usr/lib' 'build_alias=i486-linux-gnu' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='
sizeof(void*) = 4
Engine flevel: 61, dconf: 61

--- data dir ---
total 74448
-rw-r--r-- 1 clamav clamav   478208 Jul 14 22:02 bytecode.cld
drwxr-xr-x 2 clamav clamav     4096 Apr  3  2008 clamav-b967ef3ba9e3136d55d395c63489fa93
-rw-r--r-- 1 clamav clamav 10220544 Jul 27 04:28 daily.cld
drwxr-xr-x 2 clamav clamav     4096 Jul 17  2008 daily.inc
-rw-r--r-- 1 clamav clamav 65422336 Nov 14  2010 main.cld
drwxr-xr-x 2 clamav clamav     4096 Jul  7  2008 main.inc
-rw------- 1 clamav clamav      104 Apr  3  2008 mirrors.dat

-- System Information:
Debian Release: 5.0.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav depends on:
ii  clamav-freshclam [c 0.97.1+dfsg-1~lenny1 anti-virus utility for Unix - viru
ii  libc6               2.7-18lenny7         GNU C Library: Shared libraries
ii  libclamav6          0.97.1+dfsg-1~lenny1 anti-virus utility for Unix - libr
ii  zlib1g              1:1.2.3.3.dfsg-12    compression library - runtime

Versions of packages clamav recommends:
ii  clamav-base         0.97.1+dfsg-1~lenny1 anti-virus utility for Unix - base

Versions of packages clamav suggests:
pn  clamav-docs                   <none>     (no description available)

-- no debconf information

More information about the Pkg-clamav-devel mailing list