[VUA 46-1] Updated clamav package fixes security flaw

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 46-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org                                 Andi Barth
April 18, 2008
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.92.1~dfsg-1volatile2
Importance           : high
CVE IDs              : CVE-2008-0314 CVE-2008-1100 and unkown

The following security flaws were found and fixed in clamav:

CVE-2008-0314

    Damian Put discovered that a buffer overflow in the handler for
    PeSpin binaries may lead to the execution of arbitrary code.

CVE-2008-1100

    Alin Rad Pop discovered that a buffer overflow in the handler for
    Upack PE binaries may lead to the execution of arbitrary code.

no CVE yet

    Damian Put and Thomas Pollet discovered that a buffer overflow in
    the handler for WWPack-compressed PE binaries may lead to the
    execution of arbitrary code.

For etch, an updated ClamAV package is available in etch/volatile as