clamav in dapper-backports vulnerable

Bug #74216 reported by John Dong
Affects: Dapper Backports
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned
Milestone: -

Bug Description

Clamav in dapper-backports is vulnerable to two security vulnerabilities:

clamav (0.88.4-1ubuntu2) edgy; urgency=low

  * SECURITY UPDATE: multiple denial of service attacks in file processors.
  * Add 'debian/patches/30_pe_chm_overflows.dpatch' to close overflows.
    Patch from Debian stable (Closes Malone #66510).
  * References
    CVE-2006-4182, CVE-2006-5295

 -- Kees Cook <email address hidden> Mon, 23 Oct 2006 12:09:30 -0700

At the time the 0.88.4 backport seemed like a good idea... but now it's clearly not, since clamav is getting -security love. So, dapper-backports users are still vulnerable to these two.

The easiest workaround option right now is to backport edgy's version to Dapper, which resolves this for now.

Scott Kitterman (kitterman) wrote :

Working on a source backport of 0.88.7 that was once in the Feisty repository as an interim while we work out the dependencies for a clamav 0.91 backport.

Changed in dapper-backports:
importance: Undecided → Wishlist
status: New → In Progress
Scott Kitterman (kitterman) wrote :

Accepted:
 OK: clamav_0.88.7.orig.tar.gz
 OK: clamav_0.88.7-1ubuntu1~dapper.diff.gz
 OK: clamav_0.88.7-1ubuntu1~dapper.dsc
     -> Component: universe Section: utils
.
Format: 1.7
Date: Thu, 12 Jul 2007 08:32:01 -0400
Source: clamav
Binary: clamav libclamav-dev clamav-dbg clamav-milter clamav-base clamav-freshclam clamav-testfiles clamav-daemon libclamav1 clamav-docs
Architecture: source
Version: 0.88.7-1ubuntu1~dapper
Distribution: dapper-backports
Urgency: low
Maintainer: Stephen Gran <email address hidden>
Changed-By: Scott Kitterman <email address hidden>
Description:
 clamav - antivirus scanner for Unix
 clamav-base - base package for clamav, an anti-virus utility for Unix
 clamav-daemon - antivirus scanner daemon
 clamav-dbg - debug symbols for clamav
 clamav-docs - documentation package for clamav, an anti-virus utility for Unix
 clamav-freshclam - downloads clamav virus databases from the Internet
 clamav-milter - antivirus scanner for sendmail
 clamav-testfiles - use these files to test that your Antivirus program works
 libclamav-dev - clam Antivirus library development files
 libclamav1 - virus scanner library
Changes:
 clamav (0.88.7-1ubuntu1~dapper) dapper-backports; urgency=low
 .
   * Drop build-dep for dpkg-dev to 1.13.11 for Dapper and associate
     debian/control changes

Changed in dapper-backports:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.