From owner-cvs-all@FreeBSD.ORG Thu Apr 6 15:20:19 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 996B116A401; Thu, 6 Apr 2006 15:20:19 +0000 (UTC) (envelope-from garga@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F3B843D45; Thu, 6 Apr 2006 15:20:19 +0000 (GMT) (envelope-from garga@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k36FKJWp093803; Thu, 6 Apr 2006 15:20:19 GMT (envelope-from garga@repoman.freebsd.org) Received: (from garga@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k36FKJVd093799; Thu, 6 Apr 2006 15:20:19 GMT (envelope-from garga) Message-Id: <200604061520.k36FKJVd093799@repoman.freebsd.org> From: Renato Botelho Date: Thu, 6 Apr 2006 15:20:18 +0000 (UTC) To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: ports/security/clamav Makefile distinfo pkg-plist ports/security/clamav/files clamav-clamd.in clamav-clamd.sh.in clamav-freshclam.in clamav-freshclam.sh.in clamav-milter.in clamav-milter.sh.in X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2006 15:20:19 -0000 garga 2006-04-06 15:20:18 UTC FreeBSD ports repository Modified files: security/clamav Makefile distinfo pkg-plist Added files: security/clamav/files clamav-clamd.in clamav-freshclam.in clamav-milter.in Removed files: security/clamav/files clamav-clamd.sh.in clamav-freshclam.sh.in clamav-milter.sh.in Log: - Update to 0.88.1 -- Fix multiple vulnerabilities * CVE-2006-1614 Damian Put discovered an integer overflow in the PE header parser. This is only exploitable if the ArchiveMaxFileSize option is disabled. * CVE-2006-1615 Format string vulnerabilities in the logging code have been discovered, which might lead to the execution of arbitrary code. * CVE-2006-1630 David Luyer discovered, that ClamAV can be tricked into an invalid memory access in the cli_bitset_set() function, which may lead to a denial of service. - Use USE_RC_SUBR=script PR: ports/95403 Submitted by: garga Approved by: maintainer timeout (mnag on behalf of secteam) Security: VuXML 6a5174bd-c580-11da-9110-00123ffe8333 Revision Changes Path 1.72 +4 -19 ports/security/clamav/Makefile 1.28 +3 -3 ports/security/clamav/distinfo 1.1 +35 -0 ports/security/clamav/files/clamav-clamd.in (new) 1.3 +0 -35 ports/security/clamav/files/clamav-clamd.sh.in (dead) 1.1 +35 -0 ports/security/clamav/files/clamav-freshclam.in (new) 1.3 +0 -35 ports/security/clamav/files/clamav-freshclam.sh.in (dead) 1.1 +46 -0 ports/security/clamav/files/clamav-milter.in (new) 1.4 +0 -46 ports/security/clamav/files/clamav-milter.sh.in (dead) 1.27 +1 -7 ports/security/clamav/pkg-plist