[ this was initially sent on 2014-11-27, but did not reach the list due to a mistake on my side ]

Package        : clamav
Version        : 0.98.1+dfsg-1+deb6u4
CVE ID         : CVE-2014-9050 CVE-2013-6497
Debian Bug     : #770985

Two bugs were discovered in clamav and are fixed by this release.
One issue is in clamscan, the command-line anti-virus scanner included in the package, and could lead to crashes when scanning certain files (CVE-2013-6497). The second issue is in libclamav and causes a heap buffer overflow when scanning a specially crafted PE file obfuscated with y0da Crypter (CVE-2014-9050). Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.
If you use clamav, we highly recommend that you upgrade to this version.