Bugzilla Bug 174375

Not sure how serius this is.

From 0.90.2 Changelog

    - libclamav/chmunpack.c: fix fd leak in chm_decompress_stream
      (CVE-2007-1745)
    - libclamav/cab.c: fix buffer overflow, reported through iDefense
      Vulnerability Contributor Program (CVE-2007-1997)
    - libclamav/pdf.c: Fix fd leak on empty objects. Scan in user memory
    - libclamav/lockdb.c: fix fd leak on EACCES/EAGAIN (bb#400)

Ebuild is in the tree. The nls patch update mentioned in the changelog
shouldn't stop anyone from security-stabilizing this version - if anything, it
will produce less bugs than the previous patch. :)

Thx Ticho.

Arches please test and mark stable. Target keywords are:

clamav-0.90.2.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86
~x86-fbsd"

ia64 + x86 stable

sparc stable.

Alpha done.

amd64 done

ppc stable

Stable for HPPA.

You should get the patch in bug #174512 in asap as well so users don't have
trouble restarting their clamd process when they do this security update.

(In reply to comment #9)
> You should get the patch in bug #174512 in asap as well so users don't have
> trouble restarting their clamd process when they do this security update.
> 

It is in. Thanks and sorry for the omission.

ppc64 stable

Since this is rated B2/3 I'm calling a vote. I vote YES.

voting YES.

After updating to 0.90-2 the clamscan will need a lot of time for scanning.

# /usr/bin/clamscan - </dev/null
stdin: OK
----------- SCAN SUMMARY -----------
Known viruses: 215418
Engine version: 0.90.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 53.279 sec (0 m 53 s)

Any resolving idea about this ??

(In reply to comment #14)
> After updating to 0.90-2 the clamscan will need a lot of time for scanning.

That's an upstream issue, and is/was discussed on upstream mailing lists, if i
remember correctly. It's unrelated to this bugzilla entry.

updating status, GLSA is in the queue

GLSA 200704-21

thanks everyone