Version in base suite: 0.90.1dfsg-4etch16
Version in overlay suite: (not present)
Base version: clamav_0.90.1dfsg-4etch16
Target version: clamav_0.90.1dfsg-4etch18
Base file: /org/ftp.debian.org/ftp/pool/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
Target file: /org/ftp.debian.org/queue/o-p-u-new/clamav_0.90.1dfsg-4etch18.dsc
clamav-0.90.1dfsg/debian/changelog | 13 +++++
clamav-0.90.1dfsg/debian/patches/00list | 2
clamav-0.90.1dfsg/debian/patches/46.fd-leak.CVE-2008-3914.dpatch | 10 +++-
debian/patches/50.pe.c.CVE-2008-6680.dpatch | 20 +++++++++
debian/patches/51.untar.c.CVE-2009-1270.dpatch | 22 ++++++++++
5 files changed, 64 insertions(+), 3 deletions(-)
diff -u clamav-0.90.1dfsg/debian/patches/46.fd-leak.CVE-2008-3914.dpatch clamav-0.90.1dfsg/debian/patches/46.fd-leak.CVE-2008-3914.dpatch
--- clamav-0.90.1dfsg/debian/patches/46.fd-leak.CVE-2008-3914.dpatch
+++ clamav-0.90.1dfsg/debian/patches/46.fd-leak.CVE-2008-3914.dpatch
@@ -52,18 +52,22 @@
 fclose(stream_in);
 return FALSE;
 diff --git a/libclamav/others.c b/libclamav/others.c
-index 1ee20de..e9d9a86 100644
+index 1ee20de..9a08b7c 100644
 --- a/libclamav/others.c
 +++ b/libclamav/others.c
-@@ -812,6 +812,8 @@ int cli_filecopy(const char *src, const char *dest)
+@@ -811,8 +811,11 @@ int cli_filecopy(const char *src, const char *dest)
+ return -1;
 }
 
- if(!(buffer = cli_malloc(FILEBUFF)))
+- if(!(buffer = cli_malloc(FILEBUFF)))
++ if(!(buffer = cli_malloc(FILEBUFF))) {
 + close(s);
 + close(d);
 return -1;
++ }
 
 while((bytes = cli_readn(s, buffer, FILEBUFF)) > 0)
+ cli_writen(d, buffer, bytes);
 diff --git a/libclamav/sis.c b/libclamav/sis.c
 index 2849265..8fd7192 100644
 --- a/libclamav/sis.c
diff -u clamav-0.90.1dfsg/debian/patches/00list clamav-0.90.1dfsg/debian/patches/00list
--- clamav-0.90.1dfsg/debian/patches/00list
+++ clamav-0.90.1dfsg/debian/patches/00list
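Review bot: The copy loop at the end of the cli_filecopy hunk, `while((bytes = cli_readn(s, buffer, FILEBUFF)) > 0) cli_writen(d, buffer, bytes);`, discards the result of cli_writen and treats a negative cli_readn result the same as end of file, so a short or failed copy is not detected in the visible lines. The rest of cli_filecopy is outside the hunk; if it returns success after such a loop, the caller goes on to work with a truncated copy, which for a scanner means part of the file is never inspected. I would compare the cli_writen result with `bytes` and, on mismatch or on a negative read, leave through a single cleanup path that releases the buffer, closes `s` and `d`, and returns -1. A single exit path would also stop the error branches from drifting apart again.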
@@ -27,0 +28,2 @@
+50.pe.c.CVE-2008-6680.dpatch
+51.untar.c.CVE-2009-1270.dpatch
diff -u clamav-0.90.1dfsg/debian/changelog clamav-0.90.1dfsg/debian/changelog
--- clamav-0.90.1dfsg/debian/changelog
+++ clamav-0.90.1dfsg/debian/changelog
@@ -1,3 +1,16 @@
+clamav (0.90.1dfsg-4etch18) oldstable-security; urgency=low
+
+ * [CVE-2008-6680] Fixed division by zero with --detect-broken.
+ * [CVE-2009-1270] clamd and clamscan get hung up.
+
+ -- Stephen Gran Fri, 10 Apr 2009 15:33:51 +0200
+
+clamav (0.90.1dfsg-4etch17) stable-security; urgency=low
+
+ * Corrected error in previous patch for CVE-2008-3914 (thanks Leonel Nunez)
+
+ -- Stephen Gran Wed, 03 Dec 2008 13:26:21 -0800
+
 clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
 
 * [CVE-2008-5050]: libclamav/vba_extract.c: possible buffer overflow
only in patch2:
unchanged:
--- clamav-0.90.1dfsg.orig/debian/patches/51.untar.c.CVE-2009-1270.dpatch
+++ clamav-0.90.1dfsg/debian/patches/51.untar.c.CVE-2009-1270.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 51.untar.c.CVE-2009-1270.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: clamd and clamscan hang up fix
+
+@DPATCH@
+diff --git a/libclamav/untar.c b/libclamav/untar.c
+index 6d0257c..a4225b8 100644
+--- a/libclamav/untar.c
++++ b/libclamav/untar.c
+@@ -182,6 +182,10 @@ cli_untar(const char *dir, int desc, unsigned int posix, const struct cl_limits
+ if(skipEntry) {
+ const int nskip = (size % BLOCKSIZE || !size) ? size + BLOCKSIZE - (size % BLOCKSIZE) : size;
+
++ if(nskip < 0) {
++ cli_dbgmsg("cli_untar: got nagative skip size, giving up\n");
++ return CL_CLEAN;
++ }
+ cli_dbgmsg("cli_untar: skipping entry\n");
+ lseek(desc, nskip, SEEK_CUR);
+ continue;
only in patch2:
unchanged:
--- clamav-0.90.1dfsg.orig/debian/patches/50.pe.c.CVE-2008-6680.dpatch
+++ clamav-0.90.1dfsg/debian/patches/50.pe.c.CVE-2008-6680.dpatch
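Review bot: Returning `CL_CLEAN` from the new `if(nskip < 0)` branch in cli_untar turns a tar header the scanner cannot process into a clean verdict, so entries after the bad header are never examined and the caller cannot tell "nothing found" from "gave up". An error or format status would be the safer result if this branch has one (libclamav uses `CL_EFORMAT` for broken data; confirm it exists in 0.90.1), or the give-up should at least be logged where operators will see it. The test also runs only after `size + BLOCKSIZE - (size % BLOCKSIZE)` has been computed and narrowed to `int`; the declaration of `size` is outside the hunk, so whether that arithmetic can wrap before the check is worth confirming. The message text has a typo and should read `"cli_untar: got negative skip size, giving up\n"`.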
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50.pe.c.CVE-2008-6680.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: division by zero fix
+
+@DPATCH@
+diff --git a/libclamav/pe.c b/libclamav/pe.c
+index b61cab2..18d5c71 100644
+--- a/libclamav/pe.c
++++ b/libclamav/pe.c
+@@ -679,7 +679,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
+
+ cli_dbgmsg("------------------------------------\n");
+
+- if (DETECT_BROKEN && EC32(section_hdr[i].VirtualAddress)%valign) { /* Bad virtual alignment */
++ if (DETECT_BROKEN && (!valign || EC32(section_hdr[i].VirtualAddress)%valign)) { /* Bad virtual alignment */
+ cli_dbgmsg("VirtualAddress is misaligned\n");
+ if(ctx->virname)
+ *ctx->virname = "Broken.Executable";
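Review bot: With `!valign` folded into the existing condition in cli_scanpe, a header whose alignment field is zero is logged as `VirtualAddress is misaligned`, which points the reader of the debug output at the section address instead of the zero alignment value. A separate message for that case, for example `cli_dbgmsg("Virtual alignment is zero\n");`, would keep the real cause visible. The guard is also evaluated once per section and only on the DETECT_BROKEN path, while `valign` presumably does not change between sections. cli_scanpe continues outside the hunk, so it is worth confirming that no other `%valign` or `/valign` (or the file-alignment equivalent) can be reached with a zero value; validating the field once where it is read would cover them all.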