[ubuntu/lucid-security] clamav_0.96.5+dfsg-1ubuntu1.10.04.4_sparc_translations.tar.gz, clamav, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_i386_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_amd64_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_armel_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_ia64_translations.tar.gz, clamav_0.96.5+dfsg-1ubuntu1.10.04.4_powerpc_translations.tar.gz 0.96.5+dfsg-1ubuntu1.10.04.4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Jun 19 18:05:19 UTC 2012
clamav (0.96.5+dfsg-1ubuntu1.10.04.4) lucid-security; urgency=low
* SECURITY UPDATE: fix detection bypass via malformed tar entry with
length that exceeds tar size
- libclamav/untar.c: scan output at end of truncated tar
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
- CVE-2012-1457
* SECURITY UPDATE: fix detection bypass via crafted reset interval in
CHM file
- libclamav/mspack.c: properly scan chm with invalid handling.
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
- CVE-2012-1458
* SECURITY UPDATE: fix detection bypass via tar archive with invalid
length field
- libclamav/untar.c: improve logic, look at checksums
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
- CVE-2012-1459
Date: Mon, 18 Jun 2012 10:28:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4
-------------- next part --------------
Format: 1.8
Date: Mon, 18 Jun 2012 10:28:54 -0400
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav6 clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source
Version: 0.96.5+dfsg-1ubuntu1.10.04.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
clamav - anti-virus utility for Unix - command-line interface
clamav-base - anti-virus utility for Unix - base package
clamav-daemon - anti-virus utility for Unix - scanner daemon
clamav-dbg - debug symbols for ClamAV
clamav-docs - anti-virus utility for Unix - documentation
clamav-freshclam - anti-virus utility for Unix - virus database update utility
clamav-milter - anti-virus utility for Unix - sendmail integration
clamav-testfiles - anti-virus utility for Unix - test files
libclamav-dev - anti-virus utility for Unix - development files
libclamav6 - anti-virus utility for Unix - library
Changes:
clamav (0.96.5+dfsg-1ubuntu1.10.04.4) lucid-security; urgency=low
.
* SECURITY UPDATE: fix detection bypass via malformed tar entry with
length that exceeds tar size
- libclamav/untar.c: scan output at end of truncated tar
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
- CVE-2012-1457
* SECURITY UPDATE: fix detection bypass via crafted reset interval in
CHM file
- libclamav/mspack.c: properly scan chm with invalid handling.
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
- CVE-2012-1458
* SECURITY UPDATE: fix detection bypass via tar archive with invalid
length field
- libclamav/untar.c: improve logic, look at checksums
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
- http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
- CVE-2012-1459
Checksums-Sha1:
ad91bae329f8a1f4be118ac1dbb58fdee789c61f 2316 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.dsc
afad6ffc909814de070b2b42521ccf20a3e39acb 287594 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.diff.gz
Checksums-Sha256:
a5c047af29c5a8766dcb10477375f9a5cba395b392581b55bdf998f247c60ad2 2316 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.dsc
dc582c80a6b1173debe9f3348529a254f839dd19109a0641cbd5e822c7e43e91 287594 clamav_0.96.5+dfsg-1ubuntu1.10.04.4.diff.gz
Files:
5f3c5be15f0c2eec38a17e2ee9855c1c 2316 utils optional clamav_0.96.5+dfsg-1ubuntu1.10.04.4.dsc
8a067bf012d4d333890509b0c7a51154 287594 utils optional clamav_0.96.5+dfsg-1ubuntu1.10.04.4.diff.gz
Original-Maintainer: ClamAV Team <pkg-clamav-devel at lists.alioth.debian.org>
More information about the Lucid-changes
mailing list