On Wednesday, November 26, 2014 07:38:15 PM Adam D. Barratt wrote:
> On Tue, 2014-11-25 at 21:34 +0000, Adam D. Barratt wrote:
> > Control: tags -1 + pending
> > 
> > On Fri, 2014-11-21 at 10:24 -0500, Scott Kitterman wrote:
> > > On Fri, 21 Nov 2014 10:00:16 -0500 Scott Kitterman <deb...@kitterman.com> wrote:
> > > > In addition to the usual reasons to fix clamav, this also fixes
> > > > CVE-2013-6497
> [...]
> 
> > Flagged for acceptance.
> 
> I'll have a look at getting this into wheezy-updates in the next day or
> three.
> 
> An initial draft of text for the SUA:
> 
> Upstream published version 0.98.5.
> 
> This is mostly a bugfix release. The changes are not strictly required
> for operation, but users of the previous version in Wheezy may not be
> able to make use of all current virus signatures and might get warnings.
> 
> The bug fixes that are part of this release include the resolution of an
> issue in clamscan, the command line anti-virus scanner included in the
> package, which could lead to crashes when scanning certain files.
> 
> If you use clamav, we highly recommend that you upgrade to this version.

Sure.  How about:

Upstream published version 0.98.5.

This is mostly a bugfix release. The changes are not strictly required
for operation, but users of the previous version in Wheezy may not be
able to make use of all current virus signatures and might get warnings.

The bug fixes that are part of this release include the resolution of an
issue in clamscan, the command line anti-virus scanner included in the
package, which could lead to crashes when scanning certain files
(CVE-2013-6497). It also resolves an issue in libclamav which caused a heap
buffer overflow when scanning a specially crafted y0da Crypter obfuscated PE
file (CVE-2014-9050). Note that this is remotely exploitable when ClamAV is
used as a mail gateway scanner.

If you use clamav, we highly recommend that you upgrade to this version.

That seems scary enough to get me to upgrade.

Scott K

