headers
Martin Zobel-Helas | 7 Aug 14:59
Picon
Gravatar

[VUA 35-1] Updated avscan package


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 35-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org
August 07, 2007                                          Martin Zobel-Helas
---------------------------------------------------------------------------

Package              : avscan
Version              : 1.1.2-openssl-1etch1+volatile1
Importance           : medium

Avscan was broken by recent changes to clamav. This version now removes
the display of the virus pattern list in avscan, and makes avscan
compatible again with the most recent clamav version. This change has been
backported from the most current upstream version.

(In more details, avscan used an undocumented, internal struct to access
the list of available virus patterns. As this function is internal,
clamav changed it. The clamav packages had added a conflicts with the
old versions of avscan.)

For etch, an updated avscan package is available in etch/volatile 
as version 1.1.2-openssl-1etch1+volatile1.

This advisory was sent out without builds for arm, ia64, mips and s390
architectures being available. They will be released as soon as they are
available.

We recommend that you update your system.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Martin Zobel-Helas | 21 Aug 22:53
Picon
Favicon

[VUA 36-1] Updated clamav package fixes security flaw


---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 36-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org                               Stephen Gran
August 21, 2007
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.91.2-0volatile1 and 0.91.1-2~volatile1
Importance           : high
CVE IDs              : N/A

The following securitys flaw were found and fixed in clamav:

 [CVE-2007-XXXX] fix call to tolower() which led to a crash in libclamav
 [CVE-2007-XXXX] fix possible NULL dereference, e.g. when parsing email 
                 with RFC2397 URI
 [CVE-2007-XXXX] fix floating point exception when using ScanOLE2
 [CVE-2007-XXXX] fix possible NULL dereference in rtf.c

For sarge, an updated clamav package is available in sarge/volatile
as version 0.91.2-0volatile1.

For etch, an updated clamav package is available in etch/volatile 
as version 0.91.2-1~volatile1.

We recommend that you update your system.

This advisory was sent out without builds for arm, hppa and sparc being
available for etch/volatile and without builds for arm, hppa, m68k,
(Continue reading)

Permalink | Reply | 0 comments |

Gmane