[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. debian/0.90.1dfsg-4etch16-4-g13fceb6

Michael Tautschnig mt at debian.org
Fri Apr 10 13:35:24 UTC 2009 

The following commit has been merged in the debian/etch-security branch:
commit 3b2786307112ba9193a3d3f0c8df1ca73baf1ce1
Author: Michael Tautschnig <mt at debian.org>
Date:   Fri Apr 10 15:26:51 2009 +0200

    Backported patch for CVE-2008-6680

diff --git a/debian/patches/00list b/debian/patches/00list
index 37b710f..31d99ea 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -25,3 +25,4 @@
 47.manager.c.CVE-2008-3913.dpatch
 48.vba_unicode.c.dpatch
 49.special.c.dpatch
+50.pe.c.CVE-2008-6680.dpatch
diff --git a/debian/patches/50.pe.c.CVE-2008-6680.dpatch b/debian/patches/50.pe.c.CVE-2008-6680.dpatch
new file mode 100644
index 0000000..98cf75a
--- /dev/null
+++ b/debian/patches/50.pe.c.CVE-2008-6680.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50.pe.c.CVE-2008-6680.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: division by zero fix
+
+ at DPATCH@
+diff --git a/libclamav/pe.c b/libclamav/pe.c
+index b61cab2..18d5c71 100644
+--- a/libclamav/pe.c
++++ b/libclamav/pe.c
+@@ -679,7 +679,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
+ 
+ 	cli_dbgmsg("------------------------------------\n");
+ 
+-	if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)%valign) { /* Bad virtual alignment */
++	if (DETECT_BROKEN && (!valign || EC32(section_hdr[i].VirtualAddress)%valign)) { /* Bad virtual alignment */
+ 	    cli_dbgmsg("VirtualAddress is misaligned\n");
+ 	    if(ctx->virname)
+ 	        *ctx->virname = "Broken.Executable";
diff --git a/libclamav/pe.c b/libclamav/pe.c
index b61cab2..18d5c71 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -679,7 +679,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
 
 	cli_dbgmsg("------------------------------------\n");
 
-	if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)%valign) { /* Bad virtual alignment */
+	if (DETECT_BROKEN && (!valign || EC32(section_hdr[i].VirtualAddress)%valign)) { /* Bad virtual alignment */
 	    cli_dbgmsg("VirtualAddress is misaligned\n");
 	    if(ctx->virname)
 	        *ctx->virname = "Broken.Executable";

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list