On Tue, Nov 25, 2014 at 04:30:43PM -0500, Scott Kitterman wrote:
> On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote:
> > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote:
> > > Version: 0.98.1+dfsg-1+deb6u3
> > >
> > > A heap buffer overflow was reported in [1] in ClamAV when scanning a
> > > specially crafted y0da Crypter obfuscated PE file.
> > > Note that this is remotely exploitable when ClamAV is used as a mail
> > > gateway scanner.
> >
> > we are aware of the situation, a stable upload is already waiting. Please
> > note that there won't be an update for Squeeze unless the LTS team does so.
>
> I did add clamav to the list of packages needing an update for the LTS (and
> libclamunrar too), so the LTS team is aware of it.

Thanks, working on the clamav one now for LTS.

Upstream's patch applies just fine on the version in Squeeze, so I guess it
would be better to apply it, instead of pulling in the new upstream?

Greets
Evgeni