CVE-2009-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1241): Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
The ebuild is in the tree. | *clamav-0.95 (31 Mar 2009) | | 31 Mar 2009; Thomas Raschbacher <lordvan@gentoo.org> +clamav-0.95.ebuild: | version bump As always bumping clamav breaks all the other tools like bugs: 264820 264836
(In reply to comment #1) > The ebuild is in the tree. Aww, I should do update-eix. :/ > As always bumping clamav breaks all the other tools like > bugs: 264820 264836 Should we delay the stabling until these issues are resolved?
fyi 0.95.1 is added too already ..
CVE-2008-6680 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6680): libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. CVE-2009-1270 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1270): libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted file that causes (1) clamd and (2) clamscan to hang.
Can we close this one and instead just concentrate on bug #265545 (<0.95.1 security issue)
adding blocker here anyway .. mail-clamav not added but only on 0.95.1 sec bug.
shouldn't be affected versions dropped from the tree?
GLSA 200903-04
err, GLSA 200909-04