Security fix for ClamAV crash when using 'clamscan -a'. This issue was identified by Kurt Siefried of Red Hat.
Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files. This issue, as well as several other bugs fixed in this release, were identified by Damien Millescamp of Oppida.
No more details yet.
This sounds more severe:
Please update as soon as possible.
Thanks for reminding me Hanno. I am guilty of seeing the release mail for 0.98.5 but not reading it (therefore I hadn't noticed the security fix)
Looking at it now (just deciding what to do about the new feature which requires libjson-c)
I assume you want it stabilized asap but leaving the rest to Security Team.
Maintainer(s): Please let us know when the ebuild is ready for stabilization, or call for stabilization.
Notes on compromise:
A heap buffer overflow was reported in  in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file.
Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.
Works for me on 2 machines so afaik ok -> STABLEREQ + CC Arch teams
no extensive tests yet but compiles and runs for me -- amd64
Stable for HPPA.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in
ClamAV before 0.95.4 allows remote attackers to cause a denial of service
(crash) via a crafted y0da Crypter PE file.
Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version(s).
New GLSA Request filed.
+ 09 Dec 2014; Sergey Popov <firstname.lastname@example.org> package.mask:
+ Mask vulnerable versions of app-antivirus/clamav
This issue was resolved and addressed in
GLSA 201412-05 at http://security.gentoo.org/glsa/glsa-201412-05.xml
by GLSA coordinator Mikle Kolyada (Zlogene).
removed old versions after waiting a bit in case there were some issues/complaints.