Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 189912

Summary: app-antivirus/clamav < 0.91.2 multiple DoS and code exec (CVE-2007-45[16]0)
Product: Gentoo Security Reporter: Bernd Marienfeldt <bernd>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: antivirus, chainsaw, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/26530/
Whiteboard: A1 [glsa]
Package list:
Runtime testing required: ---

Description Bernd Marienfeldt 2007-08-23 08:47:45 UTC 
Version 0.91.2 of Clamav fixes various bugs in libclamav, freshclam and clamav-milter, and adds support for PUA (Potentially Unwanted Application) signatures (clamscan: --detect-pua, clamd: DetectPUA).

Reproducible: Always
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-23 12:24:42 UTC 
setting status and cc'ing. net-mail/antivirus, 0.91.2 is already in the tree, are we okay to call arches? please advise.
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2007-08-23 12:33:16 UTC 
Yes, 0.91.2 is good to go.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-23 12:37:29 UTC 
great :)
arches, please test and mark stable app-antivirus/clamav-0.91.2.
Target keywords are: "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2007-08-23 13:56:00 UTC 
sparc stable.
Comment 5 Christoph Mende (RETIRED) gentoo-dev 2007-08-23 14:21:23 UTC 
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-23 14:29:51 UTC 
ppc stable
Comment 7 Jurek Bartuszek (RETIRED) gentoo-dev 2007-08-23 15:13:01 UTC 
x86 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2007-08-23 17:25:00 UTC 
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2007-08-24 16:13:31 UTC 
alpha/ia64 stable
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2007-08-29 10:26:46 UTC 
ppc64 stable
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-29 12:26:44 UTC 
ready for glsa decision. pretty classic, but always annoying, so voting yes.
Comment 12 Matt Fleming (RETIRED) gentoo-dev 2007-08-29 14:53:51 UTC 
I vote YES.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 12:11:10 UTC 
glsa request filed.
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-20 22:02:47 UTC 
GLSA 200709-14, thanks everybody!