* SECURITY UPDATE: fix integer overflow in BZ2_decompress()
- libclamav/nsis/bzlib.c: return error if N is larger than 2*1024^2 which
keeps us from overflowing but leaves enough room for the 900k maximum
value of the RUNA/RUNB encoding
- patch based on upstream bzip2
- LP: #625849
- CVE-2010-0405
-- Jamie Strandboge <email address hidden> Mon, 13 Sep 2010 14:44:01 -0500
This bug was fixed in the package clamav - 0.96.1+ dfsg-3ubuntu5. 1
--------------- dfsg-3ubuntu5. 1) maverick; urgency=low
clamav (0.96.1+
* SECURITY UPDATE: fix integer overflow in BZ2_decompress() nsis/bzlib. c: return error if N is larger than 2*1024^2 which
- libclamav/
keeps us from overflowing but leaves enough room for the 900k maximum
value of the RUNA/RUNB encoding
- patch based on upstream bzip2
- LP: #625849
- CVE-2010-0405
-- Jamie Strandboge <email address hidden> Mon, 13 Sep 2010 14:44:01 -0500