clamav in dapper-backports vulnerable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Dapper Backports |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Clamav in dapper-backports is vulnerable to two security vulnerabilities:
clamav (0.88.4-1ubuntu2) edgy; urgency=low
* SECURITY UPDATE: multiple denial of service attacks in file processors.
* Add 'debian/
Patch from Debian stable (Closes Malone #66510).
* References
CVE-2006-4182, CVE-2006-5295
-- Kees Cook <email address hidden> Mon, 23 Oct 2006 12:09:30 -0700
At the time the 0.88.4 backport seemed like a good idea... but now it's clearly not, since clamav is getting -security love. So, dapper-backports users are still vulnerable to these two.
The easiest workaround option right now is to backport edgy's version to Dapper, which resolves this for now.
Changed in dapper-backports: | |
importance: | Undecided → Wishlist |
status: | New → In Progress |
Working on a source backport of 0.88.7 that was once in the Feisty repository as an interim while we work out the dependencies for a clamav 0.91 backport.