Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 1) An integer overflow error exists within the "cli_scanpe()" function in libclamav/pe.c. No further information is currently available. 2) An error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 0.92.1. Solution: Update to version 0.92.1.
net-mail/antivirus, ok for fast-tracking stabilization of 0.92.1?
could someone please add "CVE-2008-0728" to the summary? (i dont have the needed permissions)
Maintainers please advise.
I'm OK for 0.92.1 stabilization.
Arches please test and mark stable app-antivirus/clamav-0.92.1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
x86 stable
amd64 stable
alpha/ia64/sparc stable
Stable for HPPA.
ppc64 done
ppc stable
hmm, don't know why I rated this B3 at first... glsa request filed.
GLSA 200802-09
Fixed in release snapshot.