Although clamav regularly doesn't mention security issues in release notes, this contains two issues as being discussed on oss-security.
Please provide an updated ebuild. This might be quite an issue for people running clamav on their mail-gateways...
0.96.1 in CVS.
Arches, please test and mark stable: =app-antivirus/clamav-0.96.1 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
CVE-2010-1639 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1639): The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. CVE-2010-1640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1640): Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.
All tests passed successful here on x86.
x86 stable, thanks Andreas
amd64 stable
Marked ppc/ppc64 stable.
Stable for HPPA.
alpha/ia64/sparc stable
Fixing the completely screwed up whiteboard. GLSA together with bug 314087.
GLSA 201009-06, thanks everyone.