This bug was fixed in the package clamav - 0.94.dfsg.2-1ubuntu0.3~hardy4

---------------
clamav (0.94.dfsg.2-1ubuntu0.3~hardy4) hardy-security; urgency=low

  * No change rebuild from backports for use with ClamAV 0.94

clamav (0.94.dfsg.2-1ubuntu0.3~hardy3) hardy-backports; urgency=low

  * Update Hardy backport to include the latest apparmor profile fixes from
    Jaunty development

clamav (0.94.dfsg.2-1ubuntu0.3~hardy2) hardy-backports; urgency=low

  * Drop deny rule in freshclam apparmor profile since deny is not supported
    in Hardy's apparmor (LP: #360919)

clamav (0.94.dfsg.2-1ubuntu0.3~hardy1) hardy-backports; urgency=low

  * Source backport for Hardy (lsb-base not present in sufficient version)
    (LP: #354190, #360502)
    - Drop versioning of lsb-base depends
    - Revert lsb status changes from maintainer scripts
  * Update existing backport with security fixes from 0.95 and 0.95.1
  * Update apparmor profile with fixes from Jaunty

clamav (0.94.dfsg.2-1ubuntu0.3) intrepid-security; urgency=high

  * SECURITY UPDATE: (LP: #360502)
  * References
  * libclamav/others.h: harden CLI_ISCONTAINED macro (bb#1552) (Denial of
    service)
  * Note: clamav-milter bugs such as 1499, 1522, 1524, and 1531 are not
    relevant to clamav 0.94.2 and earlier versions
  * Note: The code related to clamav bug 1553 was substantially rewritten in
    0.95, so it is also not relevant to clamav 0.94.2 and earlier versions
  * Bump CL_FLEVEL_DCONF to 0.95.1 level since relevant security patches are
    applied
  * Added CVE references for 0.94.dfsg.2-1ubuntu0.2 now that they've been
    assigned

clamav (0.94.dfsg.2-1ubuntu0.2) intrepid-security; urgency=high

  * SECURITY UPDATE (LP: #354190):
  * References Clamav #1335, #1462, CVE 2008-6680, CVE 2009-1270
  * libclamav/pe.c: division by zero with --detect-broken (bb#1335) (Denial of
    service)
  * libclamav/untar.c: infloop in tar.c (bb#1462) (Denial of Service)
  * Add dconf_renable patch from 0.95 (previously backported to 0.92.2)
    - Bump CL_FLEVEL_DCONF to 0.95 level since security patches are applied

clamav (0.94.dfsg.2-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: (LP: #304017)
    - Fix recursive stack overflow in jpeg parsing code
  * Other changes:
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for
      clamav-daemon and clamav-freshclam
    - add debian/usr.bin.freshclam and debian/usr.sbin.clamd
    - debian/clamav-(daemon|freshclam).dirs: add etc/apparmor.d/force-complain
    - debian/clamav-(daemon|freshclam).install: install profiles
    - debian/clamav-(daemon|freshclam).preinst: create symlink for
      force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles
      profile is unchanged (ie non-enforcing) and upgrades where the profile
      doesn't exist.
    - debian/clamav-(daemon|freshclam).postrm: remove symlink in
      force-complain/ on purge.
    - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor
    - update README.Debian with note on Apparmor
    - Enable upstream test suite in debian/rules

clamav (0.94.dfsg.2-1) unstable; urgency=low

  [ Stephen Gran ]
  * New upstream version

  [ Michael Meskes ]
  * Removed unused debconf templates and unfuzzied all translations.

  [ Michael Tautschnig ]
  * Removed --unzip from clampipe script (closes: #506055)
  * Moved clamav-milter specific stuff from its specific README.Debian to
    clamav-global one.
  * Sync start of clamav-milter with clamav-daemon when clamav-daemon is being
    upgraded (closes: #309067)
  * The TemporaryDirectory option has been added long ago, no need for hacks
    via clamav-daemon.default anymore (closes: #253080)

clamav (0.94.dfsg.1-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: (LP: #296704)
    - Fix off-by-one heap overflow
  * Other changes:
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for
      clamav-daemon and clamav-freshclam
    - add debian/usr.bin.freshclam and debian/usr.sbin.clamd
    - debian/clamav-(daemon|freshclam).dirs: add etc/apparmor.d/force-complain
    - debian/clamav-(daemon|freshclam).install: install profiles
    - debian/clamav-(daemon|freshclam).preinst: create symlink for
      force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles
      profile is unchanged (ie non-enforcing) and upgrades where the profile
      doesn't exist.
    - debian/clamav-(daemon|freshclam).postrm: remove symlink in
      force-complain/ on purge.
    - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor
    - update README.Debian with note on Apparmor
  * Update apparmor profile for clamd to work with TCP sockets (LP: #288942)

clamav (0.94.dfsg.1-1) unstable; urgency=low

  [ Stephen Gran ]
  * New upstream version (closes: #505134, #502165, #501298)
  * Handle new option SubmitDetectionStats in freshclam.conf
  * Remove RAR from the description, since we really don't handle it anymore
  * Skip 'sleep until -e socket' logic if socket is of type inet (LP #296086)

  [ Michael Meskes ]
  * Added myself as uploader.
  * Changed watch file to account for dfsg extension.
  * Do not configure temporary directory in clamd.conf anymore unless it is
    already configured there.
  * Added Basque debconf translation (closes: #500007)

  [ Michael Tautschnig ]
  * Use lsb's status_of_proc function to determine the status of the process
    and return with according exit codes (closes: #486076)
  * Updated Dutch debconf translation (thanks Paul Gevers <email address hidden>)
    (closes: #501627)
  * Changed versioned dependency of clamav-daemon to clamav-base to equals
    (closes: #500416)
  * Handle new option DetectionStatsCountry in freshclam.conf
  * Don't trust the multilib guessing stuff, always use libdir=$prefix/lib
  * Removed nowadays unused lintian overrides
  * Create md5sums control file for clamav-dbg as well (thanks, lintian)

clamav (0.94.dfsg.1~rc1-0ubuntu2) intrepid; urgency=low

  * update clamd profile for use with exim (LP: #288110)

clamav (0.94.dfsg.1~rc1-0ubuntu1) intrepid; urgency=low

  * New upstream RC release (LP:#286176)
    - Odd version numbering is to get a higher version than 0.94.dfsg without
      an epoch and was coordinated with Debian
    - Packaging based on current Ubuntu (0.94.dfsg-1ubuntu2) and does not use
      unreleased packaging improvements in the Debian pkg-claamv Git repo to
      minimize risk for Intrepid
    - Handle new freshclam option SubmitDetectionStats (cherry picked from
      Debian pkg-clamav Git repo)

clamav (0.94.dfsg-1ubuntu2) intrepid; urgency=low

  * Update apparmor profile based on test feedback (LP: #276865)
    -Thanks to Ante Karamatić for the change

clamav (0.94.dfsg-1ubuntu1) intrepid; urgency=low

  * Follow ApparmorProfileMigration and force apparmor complain mode on some
    upgrades (LP: #264817)
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for
      clamav-daemon and clamav-freshclam
    - add debian/usr.bin.freshclam and debian/usr.sbin.clamd
    - debian/clamav-(daemon|freshclam).dirs: add etc/apparmor.d/force-complain
    - debian/clamav-(daemon|freshclam).install: install profiles
    - debian/clamav-(daemon|freshclam).preinst: create symlink for
      force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles
      profile is unchanged (ie non-enforcing) and upgrades where the profile
      doesn't exist.
    - debian/clamav-(daemon|freshclam).postrm: remove symlink in
      force-complain/ on purge.
    - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor
    - update README.Debian with note on Apparmor

clamav (0.94.dfsg-1) unstable; urgency=low

  * New upstream version (closes: #497662, #497773)
    - lots of new options for clamd.conf
    - fixes CVEs CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, and
      CVE-2008-1389
  * No longer supports --unzip option, so typo is gone (closes: #496276)
  * Translations:
    - sv (thanks Martin Bagge <email address hidden>) (closes: #491760)

clamav (0.93.3.dfsg-1) unstable; urgency=low

  * New upstream version (closes: #489890, #492838, #491720)
  * Fix AUTHORS symlink (closes: #490207)
  * Fix freshclam's logcheck regex (closes: #486385)

clamav (0.93.1.dfsg-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * This update addresses the following security issue:
    - CVE-2008-2713: A crafted petite file can trigger an out-of-bound
      read operation in petite.c resulting in a denial of sevice
      (Closes: #490925).

clamav (0.93.1.dfsg-1) unstable; urgency=low

  * New upstream version
  * Move conflicts to freshclam

clamav (0.93~dfsg-4) unstable; urgency=low

  * Dammit.  The -f flag is there for a reason (closes: #484262)

clamav (0.93~dfsg-3) unstable; urgency=low

  * Make dash happy with use of return (closes: #484170)

clamav (0.93~dfsg-2) unstable; urgency=low

  * Remove dpatch dependency - we keep the code in a patch system.
  * Wrap evaluations of [ $variable = true ] in calls to to_lower()
  * Add is_true function to catch the 7 bajillion variants of something being
    true (closes: #483874)
  * Clean up old incompatible database formats.  Users of 3rd party software
    that also loads those old databases are now out of luck. (closes: #481864)
  * Fix logcheck lines for clamav-daemon (closes: #477818)
  * New translation:
    - sv (thanks Martin Bagge <email address hidden>)(closes: #483765)

clamav (0.93~dfsg-1) unstable; urgency=low

  * New upstream release (closes: #476450, #477278)
    - Fixes failure to lock database directory
      (closes: #467298, #471643, #426503)
  * Fix logrotation when supervised (closes: #469196)
  * Run adduser on every new install - this should work around the
    xen-create-image thing of adding users but not groups (closes: #458015)
  * Make clamav-milter be a little more self-documenting (closes: #477178)

 -- Jamie Strandboge <email address hidden>   Thu, 30 Apr 2009 14:44:26 -0500