Debian Security Advisory 1281-2 - On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny).
9393c77b1dcc3fe237206a87cf6b51dda9f2e8d6082900ff12269b91061ea3e4
Mandriva Linux Security Advisory - iDefense discovered a stack-based overflow in ClamAV when processing negative values in .cab files. As well, multiple file descriptor leaks were also reported and fixed in chmunpack.c, pdf.c, and dblock.c.
f779297792f061a11dc7ac1e1518200bcda326bb25d5bdc314f18267458a8b86
Debian Security Advisory 1281-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit.
a38856b0a907ccadaf909ee556571f3e4f9135fa58530ccb485635894387737c