Unspecified vulnerability in ClamAV before 0.95 allows remote
attackers to bypass detection of malware via a modified RAR archive.
The ebuild is in the tree.
| *clamav-0.95 (31 Mar 2009)
| 31 Mar 2009; Thomas Raschbacher <firstname.lastname@example.org> +clamav-0.95.ebuild:
| version bump
As always bumping clamav breaks all the other tools like
bugs: 264820 264836
(In reply to comment #1)
> The ebuild is in the tree.
Aww, I should do update-eix. :/
> As always bumping clamav breaks all the other tools like
> bugs: 264820 264836
Should we delay the stabling until these issues are resolved?
fyi 0.95.1 is added too already ..
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
a denial of service (crash) via a crafted EXE file that triggers a
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang.
Can we close this one and instead just concentrate on bug #265545 (<0.95.1 security issue)
adding blocker here anyway .. mail-clamav not added but only on 0.95.1 sec bug.
shouldn't be affected versions dropped from the tree?
err, GLSA 200909-04