unrar.c Remote DoS in clamav 0.90

The bug is on libclamav/unrar/unrarvm.c

redid the debdiff as Scott Kitterman Suggested since the change in unrar.c was only a displayed string

pbuilder builded fine installed and tested all worked
Asked for the https://wwws.clamav.net/bugzilla/attachment.cgi?id=383&action=view file to the clamav people since I don't have permissions to access it so clamav can be tested for this bug

Checking for edgy and dapper for this vulnerability

Thanks! I adjusted the changelog to use the "feisty-security" pocket as well as adding a link to this bug report. I'm building it now and should have it published shortly.

Archive admins: please sync 0.91.1-1 (or newer) from Debian. (Note that the Debian changelogs appear to be behind a few days at the moment...)

clamav (0.90.2-0ubuntu1.3) feisty-security; urgency=low

  * SECURITY UPDATE: Remote DoS in RAR Files
  * Added 55_cve-2007-3725.dpatch: backported upstream fix (LP: #126471).
  * References
    CVE-2007-3725

 -- Leonel Nunez <email address hidden> Mon, 16 Jul 2007 21:23:43 -0600

Not yet on the mirror we sync from, but someone uploaded 0.91.1-0ubuntu1 to gutsy, so that should be ok for now.

Clamav people send me a corrupted.rar to test
Tested the unpatched clamav with the provided corrupted.rar and the unpatched version ends with a core dumped
updated to clamav 0.90.2-0ubuntu1.3 tested and all worked fine

libclamav reports :
LibClamAV Warning: RAR CRC error. Please report the bug at http://bugs.clamav.net/

Marked Fix Released since Gutsy already has an fixed version.

Tested the provided corrupted.rar on dapper and and it's not vulnerable
Shows error : RAR module failure ERROR

Which version of clamav on Dapper?

Tested the provided corrupted.rar on edgy with clamav 0.88.4 and and it's not vulnerable
Shows error : RAR module failure ERROR

Scott tested with clamav 88.2-1ubuntu1.3