[VUA 21-1] Updated clamav packages fixes security flaw

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 21-1     http://volatile.debian.net
debian-volatile <at> lists.debian.org                               Stephen Gran
October 16th, 2006
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.88.5-0volatile1
Importance           : high
CVE IDs              : CVE-2006-4182
                       CVE-2006-5295

The following security flaws were found and fixed in clamav:

CVE-2006-4182:

    A heap overflow error in the "rebuildpe.c" script when rebuilding PE files
    has been discovered, which could be exploited by attackers or malware to
    compromise a vulnerable system.

CVE-2006-5295:

    An error in the CHM unpacker (chmunpack.c) when unpacking malformed files
    has been discovered, which could be exploited by attackers to crash an 
    affected application.

For sarge, an updated clamav package is available in sarge/volatile
as version 0.88.5-0volatile1. We recommend that you update your system.

This advisory was sent out without builds for arm, hppa, ia64, m68k, mips,