See tracker bug 622380 URL for details.
app-antivirus/clamav's libclamunrar is affected by the VMSF_DELTA Filter Signedness Error.
Possible fix: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
The bug has been referenced in the following commit(s):
Author: Thomas Deutschmann <email@example.com>
AuthorDate: 2018-02-23 19:00:09 +0000
Commit: Thomas Deutschmann <firstname.lastname@example.org>
CommitDate: 2018-02-23 19:00:23 +0000
app-antivirus/clamav: Rev bump to add patch for CVE-2012-6706
...aka VMSF_DELTA Filter Signedness Error.
Package-Manager: Portage-2.3.24, Repoman-2.3.6
app-antivirus/clamav/clamav-0.99.3-r2.ebuild | 160 ++++++++++++++++++
...lamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch | 186 +++++++++++++++++++++
2 files changed, 346 insertions(+)}
I intend to add 0.99.4 later
(Release annoucement: http://blog.clamav.net/2018/03/clamav-0994-has-been-released.html
I marked =app-antivirus/clamav-0.99.3-r2 stable on x86 because this is the latest version which works on x86. So instead of waiting for a fixed 0.99.4 via bug 649314 which contains more security fixes it is better to get available working fixes ASAP than being vulnerable to everything.
This issue was resolved and addressed in
GLSA 201804-16 at https://security.gentoo.org/glsa/201804-16
by GLSA coordinator Aaron Bauman (b-man).