[Pkg-clamav-devel] Bug#776870: unblock: clamav/0.98.6+dfsg-1
Scott Kitterman
debian at kitterman.com
Mon Feb 2 18:27:53 UTC 2015
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package clamav
New upstream release with security fixes. Here is the upstream NEWS:
ClamAV 0.98.6 is a bug fix release correcting the following:
- library shared object revisions.
- installation issues on some Mac OS X and FreeBSD platforms.
- includes a patch from Sebastian Andrzej Siewior making
ClamAV pid files compatible with systemd.
- Fix a heap out of bounds condition with crafted Yoda's
crypter files. This issue was discovered by Felix Groebert
of the Google Security Team.
- Fix a heap out of bounds condition with crafted mew packer
files. This issue was discovered by Felix Groebert of the
Google Security Team.
- Fix a heap out of bounds condition with crafted upx packer
files. This issue was discovered by Kevin Szkudlapski of
Quarkslab.
- Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior.
CVE-2014-9328.
- Compensate a crash due to incorrect compiler optimization when
handling crafted petite packer files. This issue was discovered
by Sebastian Andrzej Siewior.
The diff is huge and I didn't see a reasonable way to reduce it (I'll try if I
must), but I don't think it's a productive use of time for me to produce it or
you to review it. I'll attach it in a follow-on to the bug so that this one
makes it to the list.
unblock clamav/0.98.6+dfsg-1
More information about the Pkg-clamav-devel
mailing list