There is a new version. Reproducible: Always
*** Bug 355421 has been marked as a duplicate of this bug. ***
In the last days I worked on the ClamAV ebuild in my local overlay and I hope that these changes help to improve the ebuild in the portage tree. I will attach my clamav-0.97.ebuild (and a clamav-0.97-nls.patch) which has the following modifications:
* Do not install signatures anymore. This modification resolves problems while upgrading and reinstalling ClamAV. After upgrading from an older ebuild or installing a fresh install you have to manually download the newest signatures with /usr/bin/freshclam. Fixes Gentoo Bugs #336842 and #345965.
* Update ebuild to EAPI 4.
* Simplify ebuild for release candidates.
* Fix zlib dependency.
* Remove 'system set' dependencies for sys-apps/sed and sys-apps/grep. Mentioned in Gentoo Bug #345965.
* Remove unneeded 'ht_fix_file configure'.
* Install all bundled documentations.
* Remove old warning.
* Some stylistic changes.
Created attachment 263047 [details] clamav-0.97.ebuild
Created attachment 263049 [details, diff] clamav-0.97-nls.patch
It is good to know something is eventually moving around the app-antivirus/clamav package. I would like to applaud Bernd's efforts with respect to this. Hope this will result in a prompt availability of the 0.97 version to Gentoo users!
It may be a security issue according to http://comments.gmane.org/gmane.comp.security.oss.general/4227 Maintainers, please do the version bump.
CVE-2011-1003 assigned per http://www.openwall.com/lists/oss-security/2011/02/21/4.
In CVS.
Current stable portage (2.1.9.25) does not support EAPI 4. Does it mean that we have to install unstable portage (and deps) to get the "possible" security fix in latest clamav?

# emerge -va1 =app-antivirus/clamav-0.97
!!! One of the following masked packages is required to complete your request:
- app-antivirus/clamav-0.97 (masked by: EAPI 4)
That is of course unacceptable. Please provide an ebuild that is installable on stable gentoo.
(In reply to comment #10)
> That is of course unacceptable. Please provide an ebuild that is installable on
> stable gentoo.

Oops, sorry. I thought about that but it slipped my mind when committing the ebuild changes. I reverted the ebuild in CVS back to EAPI 2 like the rest of the clamav ebuilds.
Thanks! :)
Secunia confirms the vulnerability: http://secunia.com/advisories/43392 Arches, please stabilize =app-antivirus/clamav-0.97
works on amd64
Tested on x86 also, looks good here!
Tested on SPARC, looks fine. clamscan works well.
(In reply to comment #16)
> Tested on SPARC, looks fine. clamscan works well.

Thanks. Stable for HPPA SPARC.
ppc done
(In reply to comment #18)
> ppc done

you forgot to remove ppc from CC list :)
amd64 done. Thanks, Agostino.
ppc64 stable
x86 stable
Stable on alpha.
ia64 stable
Thanks, everyone. Added to existing GLSA request.
Thanks for the new version.
CVE-2011-1003 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1003): Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.
Rerating B1 since clamav often runs in automated systems where it simply scans all email processed, i.e. no user action is required to be exploited.
This issue was resolved and addressed in GLSA 201110-20 at http://security.gentoo.org/glsa/glsa-201110-20.xml by GLSA coordinator Tim Sammut (underling).