libclamav/fsg.c: Fix possible integer overflow (acab) Reported by Alex
libclamav/chmunpack.c: Fix possible malloc overflow (trog) Reported by Alex
libclamav/tnef.c: Fix possible crash if the length field is 0 or negative in
headers (njh) Reported by Alex Wheeler (alexbling at gmail.com)
net-mail/antivirus please advise and provide an updated ebuild if needed. I'm
not sure how easy these are to exploit, not much detail provided.
Eh, I have committed the ebuild first thing this morning, when I found sf.net
release announce in my mail, before reading this bug. So, there goes, unstable
for all used arches. :)
Looks like the third mentioned overflow would be easy to exploit, since all it
takes is wrong value in headers of incoming data. Second one should be
exploitable as well, judging from the code, since it deals with too long filename.
As for the first mentioned changelog entry, it's some sort of boundary checking,
but I don't know clamav code too well, so I couldn't say whether it was
something with internal data, or with outside data.
*** Bug 100248 has been marked as a duplicate of this bug. ***
Arches please test and mark stable.
Stable on hppa
Stable on amd64.
stable on ppc64
Stable on alpha, bug 100178.