[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. 957889e9d817a20320daeeeb646f6fab5412dee5

Michael Tautschnig mt at debian.org
Tue Nov 11 21:32:21 UTC 2008 

The following commit has been merged in the debian/etch-security branch:
commit 957889e9d817a20320daeeeb646f6fab5412dee5
Author: Michael Tautschnig <mt at debian.org>
Date:   Tue Nov 11 22:30:54 2008 +0100

    Dpatchified aCaB's backported fix
    
    - Patch backported from 0.94.1 to fix off-by-one error in vba_extract.c,
      allowing for buffer overflows.
    
    Signed-off-by: Michael Tautschnig <mt at debian.org>

diff --git a/debian/changelog b/debian/changelog
index 3986550..44681da 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,9 @@
-clamav (0.90.1dfsg-4etch15) stable-security; urgency=low
+clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
 
-  * [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c: out-of-memory null
-    dereferences
-  * [CVE-2008-3914]: libclamav/htmlnorm.c, libclamav/others.c,
-    libclamav/sis.c: fd leaks
-  * [CVE-2008-3913]: freshclam/manager.c: memory leaks
+  * libclamav/vba_extract.c: off-by-one error causing possible buffer overflow
+    (Closes: #505134)
 
- -- Stephen Gran <sgran at debian.org>  Fri, 05 Sep 2008 16:24:15 +0100
+ -- Stephen Gran <sgran at debian.org>  Tue, 11 Nov 2008 22:29:12 +0100
 
 clamav (0.90.1dfsg-3.1+etch14) stable-security; urgency=high
 
diff --git a/debian/patches/00list b/debian/patches/00list
index f741f85..27caae2 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -23,3 +23,4 @@
 45.mbox.c.CVE-2008-3912.dpatch
 46.fd-leak.CVE-2008-3914.dpatch
 47.manager.c.CVE-2008-3913.dpatch
+48.vba_unicode.c.dpatch
diff --git a/debian/patches/48.vba_unicode.c.dpatch b/debian/patches/48.vba_unicode.c.dpatch
new file mode 100644
index 0000000..f25c5e7
--- /dev/null
+++ b/debian/patches/48.vba_unicode.c.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 48.vba_unicode.c.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: get_unicode_name() off-by-one buffer overflow
+
+ at DPATCH@
+--- a/libclamav/vba_extract.c	2008-11-11 01:25:27.000000000 +0100
++++ b/libclamav/vba_extract.c	2008-11-11 01:26:24.000000000 +0100
+@@ -110,7 +110,7 @@
+                 return NULL;
+         }
+ 
+-        newname = (char *) cli_malloc(size*7);
++        newname = (char *) cli_malloc(size*7+1);
+         if (!newname) {
+                 return NULL;
+         }

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list