Dec 15, 2008 - 12:36 p.m.

[Backports-security-announce] Security Update for clamav

2008-12-15 12:36:28
lists.debian.org

Sebastian Harl uploaded new packages for clamav which fixed the
following security problems:

CVE-2008-5050, Debian BTS #505134

Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
from an off-by-one-error in its VBA project file processing, leading
to a heap-based buffer overflow and potentially arbitrary code
execution.

CVE-2008-5314, Debian BTS #507624

Ilja van Sprundel discovered that ClamAV contains a denial of service
condition in its JPEG file processing because it does not limit the
recursion depth when processing JPEG thumbnails.

For the etch-backports distribution the problems have been fixed in
version 0.94.dfsg.2-1~bpo40+1.

For the etch-volatile distribution the problems have been fixed in
versions 0.94.dfsg.1-1~volatile1 and 0.94.dfsg.2-1~volatile1.

For the stable distribution (etch), these problems have been fixed in
version 0.90.1dfsg-4etch16.

For the testing and unstable distributions (lenny and sid) the problems
have been fixed in versions 0.94.dfsg.1-1 and 0.94.dfsg.2-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package manually via
"apt-get -t etch-backports install <packagelist>" with the packagelist of your
installed packages affected by this update.
[1] http://backports.org/dokuwiki/doku.php?id=instructions

We recommend pinning the backports repository to 200 so that new versions of
installed backports are installed automatically:

Package: *
Pin: release a=etch-backports
Pin-Priority: 200
