diff -u clamav-0.92~dfsg/debian/patches/00list clamav-0.92~dfsg/debian/patches/00list
--- clamav-0.92~dfsg/debian/patches/00list
+++ clamav-0.92~dfsg/debian/patches/00list
@@ -5,0 +6,2 @@
+26_pe.c.CVE-2008-0318.dpatch
+27_others.c.CVE-2007-6595.dpatch
diff -u clamav-0.92~dfsg/debian/changelog clamav-0.92~dfsg/debian/changelog
--- clamav-0.92~dfsg/debian/changelog
+++ clamav-0.92~dfsg/debian/changelog
@@ -1,3 +1,14 @@
+clamav (0.92~dfsg-2~dapper1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE: possible integer overflow and tempfile symlink
+ vulnerability
+ * Added : 27_others.c.CVE-2007-6595.dpatch Fixes Tempfile symlink
+ vulnerability
+ * Added 26_pe.c.CVE-2008-0318.dpatch: Fixes posible integer overflow
+ * References CVE-2007-6595 CVE-2008-0318 (LP: 191150)
+
+ -- Leonel Nunez Mon, 11 Feb 2008 22:52:13 -0700
+
 clamav (0.92~dfsg-2~dapper1) dapper-backports; urgency=low
 * Source backport for dapper-backports. Changes:
only in patch2:
unchanged:
--- clamav-0.92~dfsg.orig/debian/patches/27_others.c.CVE-2007-6595.dpatch
+++ clamav-0.92~dfsg/debian/patches/27_others.c.CVE-2007-6595.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 27_others.c.CVE-2007-6595.dpatch by Leonel Nunez
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.92~dfsg~/libclamav/others.c clamav-0.92~dfsg/libclamav/others.c
+--- clamav-0.92~dfsg~/libclamav/others.c 2007-12-12 15:35:59.000000000 -0700
++++ clamav-0.92~dfsg/libclamav/others.c 2008-02-11 22:48:10.000000000 -0700
+@@ -492,8 +492,12 @@
+ if(!*name)
+ return CL_EMEM;
+
+- *fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU);
+- if(*fd == -1) {
++ *fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY|O_EXCL, S_IRWXU);
++ /*
++ * EEXIST is almost impossible to occur, so we just treat it as other
++ * errors
++ */
++ if(*fd == -1) {
+ cli_errmsg("cli_gentempfd: Can't create temporary file %s: %s\n", *name, strerror(errno));
+ free(*name);
+ return CL_EIO;
+
only in patch2:
unchanged:
--- clamav-0.92~dfsg.orig/debian/patches/26_pe.c.CVE-2008-0318.dpatch
+++ clamav-0.92~dfsg/debian/patches/26_pe.c.CVE-2008-0318.dpatch
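Review bot: The comment added above `if(*fd == -1)` calls EEXIST almost impossible, yet with `O_EXCL` now in the `open()` flags EEXIST is the one error that says the name was already present (a symlink included), so folding it into the generic CL_EIO message hides the case this patch exists to catch. A distinct log line before the shared cleanup, such as `if(errno == EEXIST) cli_errmsg("cli_gentempfd: %s already exists, not reusing it\n", *name);`, would make that event visible to operators. On the same `open()` line, `O_TRUNC` has no effect once `O_CREAT|O_EXCL` succeeds, and `S_IRWXU` leaves the temp file owner-executable where `S_IRUSR|S_IWUSR` looks sufficient (callers are outside the hunk, so confirm). The dpatch header's `## DP: No description.` should name CVE-2007-6595 and say where the fix was taken from. The function body (cli_gentempfd, going by the error string) starts and ends outside the hunk.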
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 26_pe.c.CVE-2008-0318.dpatch by Leonel Nunez
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.92~dfsg~/libclamav/pe.c clamav-0.92~dfsg/libclamav/pe.c
+--- clamav-0.92~dfsg~/libclamav/pe.c 2007-12-10 07:13:16.000000000 -0700
++++ clamav-0.92~dfsg/libclamav/pe.c 2008-02-11 22:44:40.000000000 -0700
+@@ -813,6 +813,19 @@
+ }
+ }
+
++ if (exe_sections[i].uvsz>>31 || exe_sections[i].ursz>>31) {
++ cli_dbgmsg("Found PE values with sign bit set\n");
++ free(section_hdr);
++ free(exe_sections);
++ if(DETECT_BROKEN) {
++ if(ctx->virname)
++ *ctx->virname = "Broken.Executable";
++ return CL_VIRUS;
++ }
++ return CL_CLEAN;
++ }
++
++
+ if(!i) {
+ if (DETECT_BROKEN && exe_sections[i].urva!=hdr_size) { /* Bad first section RVA */
+ cli_dbgmsg("First section is in the wrong place\n");
+
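Review bot: The added guard in the section loop bounds only `uvsz` and `ursz`, while the context line just below reads `exe_sections[i].urva`, so the address field of the same entry is not covered by this test. If later arithmetic adds a size to `urva` or to a raw offset (not visible in this hunk), those fields need the same bound, along the lines of `if (exe_sections[i].urva>>31 || exe_sections[i].uvsz>>31 || exe_sections[i].ursz>>31) {`; please confirm against the upstream fix and the field types, which are declared outside the hunk. With DETECT_BROKEN off the new branch returns CL_CLEAN for a file whose headers were just judged unsafe to parse, so the `cli_dbgmsg` call should at least record the section index and the two offending values to make such files traceable. The enclosing function starts and ends outside the hunk, and the dpatch header's `## DP: No description.` should name CVE-2008-0318.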