[Backports-security-announce] Security Update for clamav

Sebastian Harl uploaded new packages for clamav which fixed the
following security problems:

CVE-2008-6680, DSA-1771-1, Debian bug #523016

Attackers can cause a denial of service (crash) via a crafted EXE
file that triggers a divide-by-zero error.

CVE-2009-1270, DSA-1771-1, Debian bug #523016

Attackers can cause a denial of service (infinite loop) via a
crafted tar file that causes (1) clamd and (2) clamscan to hang.

CVE-2009-1371, DSA-1771-1

Attackers can cause a denial of service (crash) via a crafted EXE
file that crashes the UPack unpacker.

Debian bug #535881

The parsing engine can be bypassed by manipulating CAB, RAR, ZIP
archives in a "certain way" that the Clamav engine cannot extract
the content but the end user is able to.

For the etch-backports distribution the problems have been fixed in
version 0.95.2+dfsg-2~bpo40+1.

The lenny-backports distribution does not include clamav packages and,
thus, is not affected.

Upgrade instructions

If you don't use pinning [1] you have to update the package manually via
"apt-get -t etch-backports install <packagelist>", where <packagelist>
is the list of your installed packages affected by this update.

[1] http://backports.org/dokuwiki/doku.php?id=instructions

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically.

Package: *
Pin: release a=etch-backports
Pin-Priority: 200