Not sure how serious this is. From 0.90.2 Changelog
- libclamav/chmunpack.c: fix fd leak in chm_decompress_stream (CVE-2007-1745)
- libclamav/cab.c: fix buffer overflow, reported through iDefense Vulnerability Contributor Program (CVE-2007-1997)
- libclamav/pdf.c: Fix fd leak on empty objects. Scan in user memory
- libclamav/lockdb.c: fix fd leak on EACCES/EAGAIN (bb#400)
Ebuild is in the tree. The nls patch update mentioned in the changelog shouldn't stop anyone from security-stabilizing this version - if anything, it will produce fewer bugs than the previous patch. :)
Thx Ticho. Arches please test and mark stable. Target keywords are: clamav-0.90.2.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
ia64 + x86 stable
sparc stable.
Alpha done.
amd64 done
ppc stable
Stable for HPPA.
You should get the patch in bug #174512 in asap as well so users don't have trouble restarting their clamd process when they do this security update.
(In reply to comment #9)
> You should get the patch in bug #174512 in asap as well so users don't have
> trouble restarting their clamd process when they do this security update.
It is in. Thanks and sorry for the omission.
ppc64 stable
Since this is rated B2/3 I'm calling a vote. I vote YES.
voting YES.
After updating to 0.90-2 the clamscan will need a lot of time for scanning.
# /usr/bin/clamscan - </dev/null
stdin: OK
----------- SCAN SUMMARY -----------
Known viruses: 215418
Engine version: 0.90.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 53.279 sec (0 m 53 s)
Any resolving idea about this ??
(In reply to comment #14)
> After updating to 0.90-2 the clamscan will need a lot of time for scanning.
That's an upstream issue, and is/was discussed on upstream mailing lists, if I remember correctly. It's unrelated to this bugzilla entry.
updating status, GLSA is in the queue
GLSA 200704-21 thanks everyone