Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 174375 - app-antivirus/clamav Two issues CVE-2007-{1745|1997}
Summary: app-antivirus/clamav Two issues CVE-2007-{1745|1997}
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2/3 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2007-04-13 07:17 UTC by Sune Kloppenborg Jeppesen
Modified: 2007-04-24 15:52 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2007-04-13 07:17:21 UTC
Not sure how serius this is.

From 0.90.2 Changelog

    - libclamav/chmunpack.c: fix fd leak in chm_decompress_stream
      (CVE-2007-1745)
    - libclamav/cab.c: fix buffer overflow, reported through iDefense
      Vulnerability Contributor Program (CVE-2007-1997)
    - libclamav/pdf.c: Fix fd leak on empty objects. Scan in user memory
    - libclamav/lockdb.c: fix fd leak on EACCES/EAGAIN (bb#400)
Comment 1 Andrej Kacian (RETIRED) gentoo-dev 2007-04-13 08:47:50 UTC
Ebuild is in the tree. The nls patch update mentioned in the changelog shouldn't stop anyone from security-stabilizing this version - if anything, it will produce less bugs than the previous patch. :)
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-13 10:07:56 UTC
Thx Ticho.

Arches please test and mark stable. Target keywords are:

clamav-0.90.2.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2007-04-13 11:34:08 UTC
ia64 + x86 stable
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2007-04-13 14:03:21 UTC
sparc stable.
Comment 5 Fernando J. Pereda (RETIRED) gentoo-dev 2007-04-13 14:47:37 UTC
Alpha done.
Comment 6 Peter Weller (RETIRED) gentoo-dev 2007-04-13 14:56:11 UTC
amd64 done
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-04-13 16:31:47 UTC
ppc stable
Comment 8 Jeroen Roovers gentoo-dev 2007-04-13 19:25:44 UTC
Stable for HPPA.
Comment 9 Jeremy Huddleston (RETIRED) gentoo-dev 2007-04-13 20:26:31 UTC
You should get the patch in bug #174512 in asap as well so users don't have trouble restarting their clamd process when they do this security update.
Comment 10 Andrej Kacian (RETIRED) gentoo-dev 2007-04-13 20:57:42 UTC
(In reply to comment #9)
> You should get the patch in bug #174512 in asap as well so users don't have
> trouble restarting their clamd process when they do this security update.
> 

It is in. Thanks and sorry for the omission.
Comment 11 Markus Rothe (RETIRED) gentoo-dev 2007-04-15 19:21:15 UTC
ppc64 stable
Comment 12 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-17 05:29:55 UTC
Since this is rated B2/3 I'm calling a vote. I vote YES.
Comment 13 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-19 10:35:42 UTC
voting YES.
Comment 14 NETwork.ORGanization - Alexander Schoberl 2007-04-20 00:46:03 UTC
After updating to 0.90-2 the clamscan will need a lot of time for scanning.

# /usr/bin/clamscan - </dev/null
stdin: OK
----------- SCAN SUMMARY -----------
Known viruses: 215418
Engine version: 0.90.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 53.279 sec (0 m 53 s)

Any resolving idea about this ??
Comment 15 Andrej Kacian (RETIRED) gentoo-dev 2007-04-22 05:38:06 UTC
(In reply to comment #14)
> After updating to 0.90-2 the clamscan will need a lot of time for scanning.

That's an upstream issue, and is/was discussed on upstream mailing lists, if i remember correctly. It's unrelated to this bugzilla entry.
Comment 16 Matthias Geerdsen (RETIRED) gentoo-dev 2007-04-23 15:21:22 UTC
updating status, GLSA is in the queue
Comment 17 Matthias Geerdsen (RETIRED) gentoo-dev 2007-04-24 15:52:19 UTC
GLSA 200704-21

thanks everyone