libclamav petite.c denial of sevice issue

Hello, what does the Fix Released status indicate, that the fixed version is in Intrepid? Thanks for clarifying!

Yes. Here's the patch for Hardy.

Here's another patch for Gutsy

Here's the Feisty patch

and the Dapper patch

Isn't this a duplicate for : bug 238575?

On Thu, 17 Jul 2008 11:33:10 -0000 Leonel Nunez <email address hidden>
wrote:
>Isn't this a duplicate for : bug 238575?

No. That one missed a spot.

I thought that were the same that's why I didn't get into it

Great it got fixed

Thanks for the debdiffs! Michael, can you respin the debdiffs so the versions follow https://wiki.ubuntu.com/SecurityUpdateProcedures? Also, the gutsy debdiff needs to have 'gutsy-security'. We also typically have the 'References' field last in the list of changes.

We've been following a non-standard sequence for some time. There's no risk
of version collision.

Replacement gutsy patch at the request of the security team.

Discussed in IRC-- in reviewing the patches for dapper-gutsy, there were whitespace changes that diverged from Scott's hardy debdiff. Please respin dapper-gutsy by applying hardy's debdiff (minus the changelog). Since all versions have the same source, it's really important to keep the patches the same between all versions. Thanks!

I'm respinning the fixes (sorry for the late response, I've been running around like an idiot today ;-)).

Here's the gutsy one.

ack, sorry, I uploaded the wrong debdiff. here's the right one

Here's feisty

Here's dapper.

I apologize the invalidness of the patches; I hadn't realized it was all the same version so I simply recreated the patch for each effected version.

Uploaded the *right* patch this time.

This bug was fixed in the package clamav - 0.92.1~dfsg2-1.1ubuntu0.2

---------------
clamav (0.92.1~dfsg2-1.1ubuntu0.2) hardy-security; urgency=high

  * SECURITY UPDATE: fix possible DoS due to invalid memory access
  * References
    CVE-2008-2713
    Debian Bug #490925
  * Updated 27_petite.c.dpatch (LP: #249316)
    - libclamav/petite.c: fix one more spot

 -- Scott Kitterman <email address hidden> Thu, 17 Jul 2008 00:41:21 -0400

This bug was fixed in the package clamav - 0.92.1~dfsg2-1.1~gutsy3.1

---------------
clamav (0.92.1~dfsg2-1.1~gutsy3.1) gutsy-security; urgency=low

  * SECURITY UPDATE: fix possible DoS due to invalid memory access
  * Updated 27_petite.c.dpatch (LP: #249316)
    - libclamav/petite.c: fix one more spot
  * References
    CVE-2008-2713
    Debian Bug #490925

 -- Michael Casadevall <email address hidden> Thu, 17 Jul 2008 05:25:10 +0000

This bug was fixed in the package clamav - 0.92.1~dfsg2-1.1~feisty3.1

---------------
clamav (0.92.1~dfsg2-1.1~feisty3.1) feisty-security; urgency=low

  * SECURITY UPDATE: fix possible DoS due to invalid memory access
  * Updated 27_petite.c.dpatch (LP: #249316)
    - libclamav/petite.c: fix one more spot
  * References
    CVE-2008-2713
    Debian Bug #490925

 -- Michael Casadevall <email address hidden> Thu, 17 Jul 2008 06:03:13 +0000