[Technik] [SECURITY] [DSA 1340-1] New ClamAV packages fix
denial of service
Noèl Köthe
noel at debian.org
Fri Jul 27 08:39:53 CEST 2007
Am Dienstag, den 24.07.2007, 09:24 +0200 schrieb Martin Schulze:
> Debian Security Advisory DSA 1340-1 security at debian.org
> http://www.debian.org/security/ Martin Schulze
> July 24th, 2007 http://www.debian.org/security/faq
>
> Package : clamav
> Vulnerability : null pointer dereference
> Problem type : local (remote)
> Debian-specific: no
> CVE ID : CVE-2007-3725
clamav auf yuma aktualisiert.
Auf h01, h02, h03 und h04 wurde auf 0.91.1-0volatile1 von Debian
volatile aktualisiert.
> The old stable distribution (sarge) is not affected by this problem.
changelog volatile:
clamav (0.91.1-0volatile1) sarge-volatile; urgency=low
* New upstream version
- Fixes CVE-2007-3725
- This makes Phish* options on by default, postinst must handle them
- This drops Build-dep on libcurl
* Fix fail to install when newaliases command is not present
(closes: #431990)
-- Stephen Gran <sgran at debian.org> Tue, 24 Jul 2007 14:41:57 +0100
> For the stable distribution (etch) this problem has been fixed in
> version 0.90.1-3etch4.
clamav (0.90.1-3etch4) stable-security; urgency=high
* [CVE-2007-3725]: libclamav/unrar/unrarvm.c: fix NULL pointer
dereference
-- Stephen Gran <sgran at debian.org> Sun, 15 Jul 2007 18:01:48 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070727/2ae188c7/attachment.pgp
More information about the Technik
mailing list