Not sure how serious this is.
From 0.90.2 Changelog
- libclamav/chmunpack.c: fix fd leak in chm_decompress_stream
- libclamav/cab.c: fix buffer overflow, reported through iDefense Vulnerability Contributor Program (CVE-2007-1997)
- libclamav/pdf.c: Fix fd leak on empty objects. Scan in user memory
- libclamav/lockdb.c: fix fd leak on EACCES/EAGAIN (bb#400)
Ebuild is in the tree. The nls patch update mentioned in the changelog shouldn't stop anyone from security-stabilizing this version - if anything, it will produce fewer bugs than the previous patch. :)
Arches please test and mark stable. Target keywords are:
clamav-0.90.2.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
ia64 + x86 stable
Stable for HPPA.
You should get the patch in bug #174512 in asap as well so users don't have trouble restarting their clamd process when they do this security update.
(In reply to comment #9)
> You should get the patch in bug #174512 in asap as well so users don't have
> trouble restarting their clamd process when they do this security update.
It is in. Thanks and sorry for the omission.
Since this is rated B2/3 I'm calling a vote. I vote YES.
After updating to 0.90-2 the clamscan will need a lot of time for scanning.
# /usr/bin/clamscan - </dev/null
----------- SCAN SUMMARY -----------
Known viruses: 215418
Engine version: 0.90.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 53.279 sec (0 m 53 s)
Any idea how to resolve this?
(In reply to comment #14)
> After updating to 0.90-2 the clamscan will need a lot of time for scanning.
That's an upstream issue, and is/was discussed on upstream mailing lists, if I remember correctly. It's unrelated to this bugzilla entry.
updating status, GLSA is in the queue