[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. cca61a86f5a94afc8a0e22cad99d7da8702f1366

Michael Tautschnig mt at debian.org
Tue Nov 11 21:42:04 UTC 2008 

The following commit has been merged in the debian/etch-security branch:
commit f338901d39a8f972d600379436af8331ef3f6db1
Author: Michael Tautschnig <mt at debian.org>
Date:   Tue Nov 11 22:40:20 2008 +0100

    Revert "Dpatchified aCaB's backported fix"
    
    This reverts commit 957889e9d817a20320daeeeb646f6fab5412dee5.

diff --git a/debian/changelog b/debian/changelog
index 44681da..3986550 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,12 @@
-clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
+clamav (0.90.1dfsg-4etch15) stable-security; urgency=low
 
-  * libclamav/vba_extract.c: off-by-one error causing possible buffer overflow
-    (Closes: #505134)
+  * [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c: out-of-memory null
+    dereferences
+  * [CVE-2008-3914]: libclamav/htmlnorm.c, libclamav/others.c,
+    libclamav/sis.c: fd leaks
+  * [CVE-2008-3913]: freshclam/manager.c: memory leaks
 
- -- Stephen Gran <sgran at debian.org>  Tue, 11 Nov 2008 22:29:12 +0100
+ -- Stephen Gran <sgran at debian.org>  Fri, 05 Sep 2008 16:24:15 +0100
 
 clamav (0.90.1dfsg-3.1+etch14) stable-security; urgency=high
 
diff --git a/debian/patches/00list b/debian/patches/00list
index 27caae2..f741f85 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -23,4 +23,3 @@
 45.mbox.c.CVE-2008-3912.dpatch
 46.fd-leak.CVE-2008-3914.dpatch
 47.manager.c.CVE-2008-3913.dpatch
-48.vba_unicode.c.dpatch
diff --git a/debian/patches/48.vba_unicode.c.dpatch b/debian/patches/48.vba_unicode.c.dpatch
deleted file mode 100644
index f25c5e7..0000000
--- a/debian/patches/48.vba_unicode.c.dpatch
+++ /dev/null
@@ -1,18 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 48.vba_unicode.c.dpatch
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: get_unicode_name() off-by-one buffer overflow
-
- at DPATCH@
---- a/libclamav/vba_extract.c	2008-11-11 01:25:27.000000000 +0100
-+++ b/libclamav/vba_extract.c	2008-11-11 01:26:24.000000000 +0100
-@@ -110,7 +110,7 @@
-                 return NULL;
-         }
- 
--        newname = (char *) cli_malloc(size*7);
-+        newname = (char *) cli_malloc(size*7+1);
-         if (!newname) {
-                 return NULL;
-         }

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list