See tracker bug 622380 URL for details. app-antivirus/clamav's libclamunrar is affected by the VMSF_DELTA Filter Signedness Error. Possible fix: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c038dd6c5f79aa46eb92543bed649d50857b66 commit 69c038dd6c5f79aa46eb92543bed649d50857b66 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-02-23 19:00:09 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-02-23 19:00:23 +0000 app-antivirus/clamav: Rev bump to add patch for CVE-2012-6706 ...aka VMSF_DELTA Filter Signedness Error. Bug: https://bugs.gentoo.org/623534 Package-Manager: Portage-2.3.24, Repoman-2.3.6 app-antivirus/clamav/clamav-0.99.3-r2.ebuild | 160 ++++++++++++++++++ ...lamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch | 186 +++++++++++++++++++++ 2 files changed, 346 insertions(+)}
I intend to add 0.99.4 later (Release annoucement: http://blog.clamav.net/2018/03/clamav-0994-has-been-released.html
x86 stable I marked =app-antivirus/clamav-0.99.3-r2 stable on x86 because this is the latest version which works on x86. So instead of waiting for a fixed 0.99.4 via bug 649314 which contains more security fixes it is better to get available working fixes ASAP than being vulnerable to everything.
This issue was resolved and addressed in GLSA 201804-16 at https://security.gentoo.org/glsa/201804-16 by GLSA coordinator Aaron Bauman (b-man).