lp:ubuntu/dapper-security/clamav

Created by James Westby on 2011-04-08 and last modified on 2011-04-08
Get this branch:
bzr branch lp:ubuntu/dapper-security/clamav
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

24. By Jamie Strandboge on 2010-09-13

* SECURITY UPDATE: fix integer overflow in BZ2_decompress()
  - libclamav/nsis/bzlib.c: return error if N is larger than 2*1024^2 which
    keeps us from overflowing but leaves enough room for the 900k maximum
    value of the RUNA/RUNB encoding
  - patch based on upstream bzip2
  - CVE-2010-0405

23. By Jamie Strandboge on 2010-05-21

* SECURITY UPDATE: fix crash via heap overflow when processing malformed
  PDF file
  - libclamav/pdf.c: make sure enough space is allocated for tmpbuf in
    cli_pdf()
  - https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016
  - clamav git f0eb394501ec21b9fe67f36cbf5db788711d4236

22. By Scott Kitterman on 2010-04-01

* SECURITY UPDATE: (LP: #553266)
* References clamav bugs #1771 and #1826
* libclamav/mspack.c: fix Quantum decompressor (bb#1771)
  - clamav git 224fee54dd6cd8933d7007331ec2bfca0398d4b4
* libclamav/mspack.c: improve unpacking of malformed cabinets (bb#1826)
  - clamav git 31b77b3fb589ab07e7b4d84f8b3825178864ee51
* debian/clamav-milter.templates: remove comments and blank lines at the
  beginning of the file since Dapper doesn't like them (LP: #558598)

21. By Jamie Strandboge on 2010-03-29

No change rebuild from dapper-backports per microrelease exception

20. By Jamie Strandboge on 2009-04-29

No change rebuild from backports

19. By Scott Kitterman on 2009-01-18

[ Leonel Nunez ]
* SECURITY UPDATE:
* [CVE-2008-5314]: remote attack by sending a specially crafted JPEG
  file
  libclamav/special.c, libclamav/special.h, libclamav/scanners.c
* [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c:
  out-of-memory null dereferences
* [CVE-2008-3914]: libclamav/htmlnorm.c, libclamav/others.c,
  libclamav/sis.c: fd leaks
* [CVE-2008-3913]: freshclam/manager.c: memory leaks
* added 29_CVE-2008-3912.dpatch 30_CVE-2008-3913.dpatch
   32_cli_check_jpeg_exploit.dpatch 31_CVE-2008-3914.dpatch
* References: LP #271546, #304017

[ Scott Kitterman ]
* SECURITY UPDATE: re-enable modules disabled due to resolved security
  deficiencies:
* References: Clamav svn commit 4550, LP #317923

18. By Leonel Nunez on 2008-11-11

* SECURITY UPDATE: fix off-by-one heap overflow
* References : LP #296704, Debian Bug #505134
* Updated 28_of-by-1.dpatch
  - libclamav/vba_extract.c

17. By Michael Casadevall on 2008-07-17

* SECURITY UPDATE: fix possible DoS due to invalid memory access
* References
  CVE-2008-2713
  Debian Bug #490925
* Updated 27_petite.c.dpatch (LP: #249316)
  - libclamav/petite.c: fix one more spot

16. By Leonel Nunez on 2008-06-09

* SECURITY UPDATE: fix possible invalid memory access
* added 27_petite.c.dpatch: (LP: #238575)
  - libclamav/petite.c: fix possible invalid memory access
* References
  CVE-2008-2713

15. By Jamie Strandboge on 2008-06-02

no change rebuild for -security

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/clamav
This branch contains Public information 
Everyone can see this information.

Subscribers