On Tuesday, November 25, 2014 10:18:21 PM Sebastian Andrzej Siewior wrote: > On Tue, Nov 25, 2014 at 07:07:30PM +0100, Ralf Hildebrandt wrote: > > Version: 0.98.1+dfsg-1+deb6u3 > > > > A heap buffer overflow was reported in [1] in ClamAV when scanning a > > specially crafted y0da Crypter obfuscated PE file. > > Note that this is remotely exploitable when ClamAV is used as a mail > > gateway scanner. > > we are aware of the situtation, a stable upload is already waiting. Please > note that there won't be an update for Squeeze unless the LTS team does so.
I did add clamav to the list of packages needing an update for the LTS (and libclamunrar too), so the LTS team is aware of it. Scott K _______________________________________________ Pkg-clamav-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
