Two vulnerabilities were identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to execute arbitrary commands or cause a denial of service. The first issue is due to a buffer overflow error in "libclamav/upx.c" when processing malformed UPX-packed executables, which could be exploited by attackers to compromise a vulnerable system by sending, to a vulnerable application, emails containing specially crafted files. The second issue is due to an error in "libclamav/fsg.c" when processing specially crafted FSG-packed executables, which could be exploited by attackers to cause the application to enter an infinite loop. http://www.frsirt.com/english/advisories/2005/1774 update to 0.87 available
clamav-0.87 is already in portage, all arch keywords bumped to unstable. I can stabilize x86, as well as amd64, as I'm using clamav on both arches quite extensively.
Archs, test and mark stable : Target KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" Andrej: feel free to mark on archs you test on, just remove them from Cc: if you do.
Stable on x86 and amd64.
Stable on ppc and hppa.
Stable on SPARC.
Stable on alpha.
stable on ppc64
GLSA 200509-13 ia64 should mark stable to benefit from GLSA
