[Bug 74216] clamav in dapper-backports vulnerable

John Dong john.dong at gmail.com
Sun Dec 3 01:34:44 GMT 2006


Private bug reported:

Clamav in dapper-backports is vulnerable to two security
vulnerabilities:

clamav (0.88.4-1ubuntu2) edgy; urgency=low

  * SECURITY UPDATE: multiple denial of service attacks in file processors. 
  * Add 'debian/patches/30_pe_chm_overflows.dpatch' to close overflows.
    Patch from Debian stable (Closes Malone #66510).
  * References
    CVE-2006-4182, CVE-2006-5295

 -- Kees Cook <kees at ubuntu.com>  Mon, 23 Oct 2006 12:09:30 -0700


At the time the 0.88.4 backport seemed like a good idea... but now it's clearly not, since clamav is getting -security love. So, dapper-backports users are still vulnerable to these two.


The easiest workaround option right now is to backport edgy's version to Dapper, which resolves this for now.

** Affects: dapper-backports (upstream)
     Importance: Undecided
         Status: Unconfirmed

-- 
clamav in dapper-backports vulnerable
https://launchpad.net/bugs/74216


