From Changelog: libclamav/fsg.c: Fix possible integer overflow (acab) Reported by Alex Wheeler. libclamav/chmunpack.c: Fix possible malloc overflow (trog) Reported by Alex Wheeler. libclamav/tnef.c: Fix possible crash if the length field is 0 or negative in headers (njh) Reported by Alex Wheeler (alexbling at gmail.com)
net-mail/antivirus please advise and provide an updated ebuild if needed. I'm not sure how easy these are to exploit, not much detail provided.
Eh, I have committed the ebuild first thing this morning, when I found sf.net release announce in my mail, before reading this bug. So, there goes, unstable for all used arches. :)
Looks like the third mentioned overflow would be easy to exploit, since all it takes is wrong value in headers of incoming data. Second one should be exploitable as well, judging from the code, since it deals with too long filename. As for the first mentioned changelog entry, it's some sort of boundary checking, but I don't know clamav code too well, so I couldn't say whether it was something with internal data, or with outside data.
*** Bug 100248 has been marked as a duplicate of this bug. ***
Arches please test and mark stable.
Stable on hppa
Stable on amd64.
sparc stable.
ppc stable
x86 happy
stable on ppc64
Stable on alpha, bug 100178. Thx kloeri
GLSA 200507-25