209915 CVE-2008-0318 2008-02-12 20:41 0000 app-antivirus/clamav < 0.92.1 multiple vulnerabilities (CVE-2008-0318,CVE-2008-0728) 2008-02-24 19:43:21 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/28907/ B2 [glsa] P2 normal --- 1 py@gentoo.org security@gentoo.org antivirus@gentoo.org net-mail@gentoo.org py@gentoo.org 2008-02-12 20:41:50 0000 Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 1) An integer overflow error exists within the "cli_scanpe()" function in libclamav/pe.c. No further information is currently available. 2) An error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 0.92.1. Solution: Update to version 0.92.1. py@gentoo.org 2008-02-12 20:43:27 0000 net-mail/antivirus, ok for fast-tracking stabilization of 0.92.1? lars@chaotika.org 2008-02-14 16:56:51 0000 could someone please add "CVE-2008-0728" to the summary? (i dont have the needed permissions) jaervosz@gentoo.org 2008-02-14 19:03:10 0000 Maintainers please advise. ticho@gentoo.org 2008-02-16 17:45:49 0000 I'm OK for 0.92.1 stabilization. py@gentoo.org 2008-02-16 20:23:10 0000 Arches please test and mark stable app-antivirus/clamav-0.92.1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" maekke@gentoo.org 2008-02-16 20:42:45 0000 x86 stable angelos@gentoo.org 2008-02-17 13:22:20 0000 amd64 stable armin76@gentoo.org 2008-02-18 14:57:18 0000 alpha/ia64/sparc stable jer@gentoo.org 2008-02-18 15:45:51 0000 Stable for HPPA. ranger@gentoo.org 2008-02-18 17:27:29 0000 ppc64 done dertobi123@gentoo.org 2008-02-19 18:04:25 0000 ppc stable py@gentoo.org 2008-02-19 20:13:59 0000 hmm, don't know why I rated this B3 at first... glsa request filed. py@gentoo.org 2008-02-21 22:53:49 0000 GLSA 200802-09 pva@gentoo.org 2008-02-24 19:43:21 0000 Fixed in release snapshot.