Although clamav regularly doesn't mention security issues in release notes, this contains two issues as being discussed on oss-security.
Please provide an updated ebuild. This might be quite an issue for people running clamav on their mail-gateways...
0.96.1 in CVS.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1
allows remote attackers to cause a denial of service (crash) via a
malformed PDF file, related to an inconsistency in the calculated
stream length and the real stream length.
Off-by-one error in the parseicon function in libclamav/pe_icons.c in
ClamAV 0.96 allows remote attackers to cause a denial of service
(crash) via a crafted PE icon that triggers an out-of-bounds read,
related to improper rounding during scaling.
All tests passed successful here on x86.
x86 stable, thanks Andreas
Marked ppc/ppc64 stable.
Stable for HPPA.
Fixing the completely screwed up whiteboard.
GLSA together with bug 314087.
GLSA 201009-06, thanks everyone.