Your message dated Thu, 27 Nov 2014 15:19:29 +0000
with message-id <[email protected]>
and subject line Bug#770985: fixed in clamav 0.98.1+dfsg-1+deb6u4
has caused the Debian Bug report #770985,
regarding clamav: CVE-2014-9050: heap buffer overflow when scanning a specially
crafted y0da Crypter obfuscated PE file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
770985: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav
Version: 0.98.1+dfsg-1+deb6u3
Severity: important
Dear Maintainer,
A heap buffer overflow was reported in [1] in ClamAV when scanning a
specially crafted y0da Crypter obfuscated PE file.
Note that this is remotely exploitable when ClamAV is used as a mail
gateway scanner.
Upstream fix is available here: [2].
ClamAV 0.98.5 contains the above fix.
Additional references:
[1] https://bugzilla.clamav.net/show_bug.cgi?id=11155
[2] https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e
-- System Information:
Debian Release: jessie/sid
APT prefers utopic-updates
APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500,
'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-24-generic (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.98.1+dfsg-1+deb6u4
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Evgeni Golov <[email protected]> (supplier of updated clamav package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Nov 2014 09:39:20 +0100
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all amd64
Version: 0.98.1+dfsg-1+deb6u4
Distribution: squeeze-lts
Urgency: medium
Maintainer: ClamAV Team <[email protected]>
Changed-By: Evgeni Golov <[email protected]>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav6 - anti-virus utility for Unix - library
Closes: 770985
Changes:
clamav (0.98.1+dfsg-1+deb6u4) squeeze-lts; urgency=medium
.
* Security upload by the Debian LTS team.
* Fix CVE-2014-9050: heap buffer overflow when scanning a specially crafted
y0da Crypter obfuscated PE file. (Closes: #770985)
* Also backport some memory fixes for clamscan.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel