From ${URL} :

Description
Two vulnerabilities with an unknown impact have been reported in ClamAV.

1) A double-free error exists within the "unrar_extract_next_prepare()" function (libclamunrar_iface/unrar_iface.c) when parsing a RAR file.

2) An unspecified error within the "wwunpack()" function (libclamav/wwunpack.c) when unpacking a WWPack file can be exploited to corrupt heap memory.

The vulnerabilities are reported in version 0.97.6. Prior versions may also be affected.

Solution
Update to version 0.97.7.

Provided and/or discovered by
The vendor credits Felix Groebert, Mateusz Jurczyk, and Gynvael Coldwind, Google Security Team.

Original Advisory
ClamAV: http://blog.clamav.net/2013/03/clamav-0977-has-been-released.html
Maintainers, may we proceed with stabilization of =app-antivirus/clamav-0.97.7 ?
@security: Please stabilize =app-antivirus/clamav-0.97.7.
(In reply to comment #2)
> @security: Please stabilize =app-antivirus/clamav-0.97.7.

Arches, please test and mark stable ^
Target KEYWORDS: "alpha amd64 ~arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
amd64 stable
x86 stable
ppc stable
ppc64 stable
alpha stable
Stable for HPPA.
ia64 stable
sparc stable
GLSA request filed.
not in tree anymore.
ah sorry I thought this one was assigned to antivirus@g.o as well .. if security still wants this open please re-open.
(In reply to Thomas Raschbacher from comment #14)
> ah sorry I thought this one was assigned to antivirus@g.o as well .. if
> security still wants this open please re-open.

We need this opened for GLSA release. There is a GLSA pending. And yes, we still have a backlog of GLSAs; we are trying to get the newer ones out first and work on the older ones in spare time.
This issue was resolved and addressed in GLSA 201405-08 at http://security.gentoo.org/glsa/glsa-201405-08.xml by GLSA coordinator Sergey Popov (pinkbyte).