[Pkg-clamav-devel] Bugfix for #507624 prepared

Florian Weimer fw at deneb.enyo.de
Wed Dec 3 19:09:16 UTC 2008


* Michael Tautschnig:

> It does :-) But (as documented in the other sub-thread) this CVE does not apply
> to etch(-security), there seems no need to add additional patches at this point.
> I've thus attached the full diff between -etch15 and the proposed -etch16
> security release. The changelog now contains the CVE-Id for the
> maybe-buffer-overflow, but we're still missing any CVE-Id for the JPEG exploit,

It's CVE-2008-5314, in case you missed my reference in the other
subthread.

> diff --git a/debian/changelog b/debian/changelog
> index 3986550..67ab90d 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,12 @@
> +clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
> +
> +  * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
> +    (Closes: #505134)
> +  * libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit()
> +    (Closes: #507624)
> +
> + -- Stephen Gran <sgran at debian.org>  Tue, 02 Dec 2008 20:36:31 -0800
> +
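
Review bot: The libclamav/special.c entry (Closes: #507624) has no CVE id, while the vba_extract.c entry above it is tagged [CVE-2008-5050]. This reply gives the id for the JPEG issue as CVE-2008-5314, so prefix that entry with [CVE-2008-5314] in the same style before upload. Security trackers can then match the etch16 changelog against both issues. The first entry's wording "possible buffer overflow" could also say whether the fix is a bounds check or a hardening change, since the quoted text calls it a "maybe-buffer-overflow".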

Looks fine, please upload.


