[Technik] [SECURITY] [DSA 1263-1] New clamav packages fix denial of service

Noèl Köthe noel at debian.org
Wed Mar 7 08:40:31 CET 2007 

Am Dienstag, den 06.03.2007, 23:33 +0100 schrieb Moritz Muehlenhoff:

> Debian Security Advisory DSA 1263-1                    security at debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> March 6th, 2006                         http://www.debian.org/security/faq
> 
> Package        : clamav
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CVE-2007-0897 CVE-2007-0898
> Debian Bug     : 411118

clamav auf h01, h02, h03, h04 und h90 aktualisiert.

> For the stable distribution (sarge) these problems have been fixed in
> version 0.84-2.sarge.15.

Wir nutzen clamav von Debian volatile und somit haben wir von
0.88.7-0volatile2 auf Version 0.90.1-0volatile1 aktualisiert.

changelog:
clamav (0.90.1-0volatile1) sarge-volatile; urgency=low

  * New upstream version
    - Many memleaks fixed
    - Many potential crashes fixed
  * Patches:
    - freshen 02_milter_sendmail_version_patch
    - freshen 20_clamscan-manpage-update.dpatch
    - freshen 24_nullmailer_ftbfs.dpatch
    - remove 25_soname_bump.dpatch (merged upstream)
    - remove 26_isspace_fix_segv.dpatch (merged upstream)

 -- Stephen Gran <sgran at debian.org>  Fri,  2 Mar 2007 03:56:26 +0000

clamav (0.90-0volatile2) sarge-volatile; urgency=low

  * Fix clamav.examples to actually include what's there, and not what include
    what isn't.  Unsurprisingly, this fixes an FTBFS

 -- Stephen Gran <sgran at debian.org>  Thu,  1 Mar 2007 15:49:55 +0000

clamav (0.90-0volatile1) sarge-volatile; urgency=high

  * Backport for volatile
  * Fix init scripts to work with sarge's lsb-base
  * Revert dh_compat to 4, and eliminate debug package
  * Revert new dpkg-dev variables to sarge approximations

 -- Stephen Gran <sgran at debian.org>  Thu,  1 Mar 2007 02:07:40 +0000

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070307/c74ad303/attachment.pgp

More information about the Technik mailing list