Package: libclamav4
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.
CVE-2008-2713[0]:
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
| cause a denial of service via a crafted Petite file that triggers an
| out-of-bounds read.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
The DTSA released for this issue seems to have been incomplete. Please
see this mail[1] and the additional upstream commit[2].
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
http://security-tracker.debian.net/tracker/CVE-2008-2713
[1] http://www.openwall.com/lists/oss-security/2008/07/15/1
[2] http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920