[ubuntu/lucid-security] clamav_0.96.5+dfsg-1ubuntu1.10.04.4_sparc_translations.tar.gz, clamav, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_i386_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_amd64_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_armel_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_ia64_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_powerpc_translations.tar.gz 0.96.5+dfsg-1ubuntu1.10.04.4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jun 19 18:05:19 UTC 2012 

clamav (0.96.5+dfsg-1ubuntu1.10.04.4) lucid-security; urgency=low

  * SECURITY UPDATE: fix detection bypass via malformed tar entry with
    length that exceeds tar size
    - libclamav/untar.c: scan output at end of truncated tar
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
    - CVE-2012-1457
  * SECURITY UPDATE: fix detection bypass via crafted reset interval in
    CHM file
    - libclamav/mspack.c: properly scan chm with invalid handling.
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
    - CVE-2012-1458
  * SECURITY UPDATE: fix detection bypass via tar archive with invalid
    length field
    - libclamav/untar.c: improve logic, look at checksums
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
    - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
    - CVE-2012-1459

Date: Mon, 18 Jun 2012 10:28:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4
-------------- next part --------------
Format: 1.8
Date: Mon, 18 Jun 2012 10:28:54 -0400
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source
Version: 0.96.5+dfsg-1ubuntu1.10.04.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav6 - anti-virus utility for Unix - library
Changes: 
 clamav (0.96.5+dfsg-1ubuntu1.10.04.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: fix detection bypass via malformed tar entry with
     length that exceeds tar size
     - libclamav/untar.c: scan output at end of truncated tar
     - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
     - CVE-2012-1457
   * SECURITY UPDATE: fix detection bypass via crafted reset interval in
     CHM file
     - libclamav/mspack.c: properly scan chm with invalid handling.
     - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
     - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
     - CVE-2012-1458
   * SECURITY UPDATE: fix detection bypass via tar archive with invalid
     length field
     - libclamav/untar.c: improve logic, look at checksums
     - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
     - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
     - CVE-2012-1459
Checksums-Sha1: 
 ad91bae329f8a1f4be118ac1dbb58fdee789c61f 2316 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.dsc
 afad6ffc909814de070b2b42521ccf20a3e39acb 287594 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.diff.gz
Checksums-Sha256: 
 a5c047af29c5a8766dcb10477375f9a5cba395b392581b55bdf998f247c60ad2 2316 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.dsc
 dc582c80a6b1173debe9f3348529a254f839dd19109a0641cbd5e822c7e43e91 287594 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.diff.gz
Files: 
 5f3c5be15f0c2eec38a17e2ee9855c1c 2316 utils optional clamav_0.96.5+dfsg-1ubuntu1.10.04.4.dsc
 8a067bf012d4d333890509b0c7a51154 287594 utils optional clamav_0.96.5+dfsg-1ubuntu1.10.04.4.diff.gz
Original-Maintainer: ClamAV Team <pkg-clamav-devel at lists.alioth.debian.org>

More information about the Lucid-changes mailing list