Ubuntu
clamav package

  1. Bug #460316
  2. Comment #2

Comment 2 for bug 460316

Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

I'm reopening this bug because initial signature definitions isn't removed from clamav-base package since clamav version 0.97.1+dfsg-1ubuntu1 (oneiric) :(
Now newest clamav-base packages from oneiric, natty and precise are 31Mb size (previously size was only 0.1Mb)!!!

I'm pasting important moments from debian/changelog:
1. Latest correct version was 0.97+dfsg-2ubuntu1:
clamav (0.97+dfsg-2ubuntu1.1) natty-security; urgency=low
  * SECURITY UPDATE: denial of service via hash manager off-by-one
    - libclamav/matcher-hash.c: fix count.
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=656dfd0b86817c05cc67964823fb4da8790f243d
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
    - CVE-2011-2721
 -- Marc Deslauriers <email address hidden> Wed, 27 Jul 2011 13:31:36 -0400

clamav (0.97+dfsg-2ubuntu1) natty; urgency=low
  * Merge from debian unstable. Remaining Ubuntu changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer script changes
 -- Scott Kitterman <email address hidden> Fri, 11 Mar 2011 08:07:46 -0500

2. First bad version without "Dropped initial signature definitions from clamav-base":

clamav (0.97.1+dfsg-1ubuntu1) oneiric; urgency=low
  * Merge from debian unstable. Remaining changes:
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer script changes
 -- Scott Kitterman <email address hidden> Sat, 18 Jun 2011 11:56:34 -0400