Andreas Barth | 11 Dec 06:55

[VUA 51-1] Updated clamav version

---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 51-1     http://volatile.debian.org
debian-volatile <at> lists.debian.org                               Stephen Gran
Dec 11, 2008
---------------------------------------------------------------------------

Package              : clamav
Version              : 0.94.dfsg.2-1~volatile1
Importance           : medium
CVE IDs              : CVE-2008-5050 CVE-2008-5314

The following security flaws were found and fixed in clamav:

CVE-2008-5050

    Off-by-one error in the get_unicode_name function
    (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1
    allows remote attackers to cause a denial of service (crash) or
    possibly execute arbitrary code via a crafted VBA project file,
    which triggers a heap-based buffer overflow.

CVE-2008-5314 

    Stack consumption vulnerability in libclamav/special.c in
    ClamAV before 0.94.2 allows remote attackers to cause a denial
    of service (daemon crash) via a crafted JPEG file, related
    to the cli_check_jpeg_exploit, jpeg_check_photoshop, and
    jpeg_check_photoshop_8bim functions.

If you use clamav, we recommend you upgrade to this version.