FFe for clamav 0.96.3

Bug #644707 reported by Scott Kitterman on 2010-09-21
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: clamav

Clamav 0.96.3 was released today and has been packaged in Debian and is intended for Squeeze (it now has something similar to a microversion release exception in Debian). This release fixes two security issues (one of which is already fixed via distro patch) and as is usually the case enables detection of newer virus threats. We should release with the current clamav.

Packaging: Package is from Debian with the standard Ubuntu diff for apparmor support, dropping build-dep on electric-fence (because it's in Universe), and not shipping signatures (users will get them from clamav-data or download via freshclam). There is one minor clamav-freshclam postinst fix that's cherrypicked from Debian's next upload (it's a fix for an issue I found in my testing).

Testing: Performed the most significant steps of the post-release update test process:

1. Passes all clamav tests in https://code.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master
2. Rebuilt all libclamav-dev reverse-build-depends to ensure they will still be buildable
3. Tested binary compatibility with klamav (this is the canary in the coal mine package for libclamav binary compatiblity) without issue

Impacts on other packages: None. This is binary compatible with the current package in Maverick.

I'll push this to the unapproved queue and it can be reviewed there.

Related branches

CVE References

Mathias Gug (mathiaz) on 2010-09-21
Changed in clamav (Ubuntu):
importance: Undecided → Wishlist
Scott Kitterman (kitterman) wrote :

Since it fixes a minor security bug it's not really wishlist.

Changed in clamav (Ubuntu):
importance: Wishlist → Medium
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.96.3+dfsg-1ubuntu1

---------------
clamav (0.96.3+dfsg-1ubuntu1) maverick; urgency=low

    * Merge new upstream release from Debian Unstable. FFe (LP: #644707).
      Also fixes (LP: #643682). Remaining Ubuntu changes:
      - Drop initial signature definitions from clamav-base
      - Drop build-dep on electric-fence (in Universe)
      - Add apparmor profiles for clamd and freshclam along with maintainer
        script changes
    * Fix NotifyClamd configurate in debian/clamav-freshclam.postinst
      - Cherry pick from Debian pkg-clamav Git, Thanks to Stephen Gran

clamav (0.96.3+dfsg-1) unstable; urgency=high

  [ Stephen Gran ]
  * Fixed NotifyClamd config options handling.

  [ Alberto WU ]
  * New upstream release
    - urgency=high as this addresses CVE-2010-0405
    - Reset MaxFileSize to default value if set to 0 (closes: #585479)
    - New config option ExtendedDetectionInfo (clamd.conf)

  [ Michael Tautschnig ]
  * Set data segment limit in tests to 524288 to make kfreebsd-i386 systems
    happy (closes: #591245).
  * Bumped Standards-Version to 3.9.1, no changes needed.
  * Preserve order of database mirrors (closes: #592322).
  * Added Vcs-Git and Vcs-Browser control fields.
  * Debconf translation updates
    - Italian (closes: #597307)
  * We'll stay with 1.0 Debian source format for now, added proper
    debian/source/format
 -- Scott Kitterman <email address hidden> Mon, 20 Sep 2010 15:41:38 -0400

Changed in clamav (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers