diff -Nru clamav-0.99.2+dfsg/debian/changelog clamav-0.99.2+dfsg/debian/changelog
--- clamav-0.99.2+dfsg/debian/changelog 2017-05-02 09:29:54.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/changelog 2017-08-15 20:04:46.000000000 +0000
@@ -1,3 +1,20 @@
+clamav (0.99.2+dfsg-6ubuntu2) artful; urgency=medium
+
+ * SECURITY UPDATE: DoS via crafted e-mail message
+ - debian/patches/CVE-2017-6418.patch: fix invalid read in
+ libclamav/message.c.
+ - CVE-2017-6418
+ * SECURITY UPDATE: DoS via WWPack compression
+ - debian/patches/CVE-2017-6420.patch: add bounds checks to
+ libclamav/wwunpack.c.
+ - debian/patches/CVE-2017-6420-2.patch: fix unit tests in
+ libclamav/wwunpack.c, unit_tests/check_jsnorm.c.
+ - CVE-2017-6420
+ * debian/patches/fix_newer_zlib.patch: fix compatibility with zlib
+ 1.2.9 and newer (LP: #1692073).
+
+ -- Marc Deslauriers Tue, 15 Aug 2017 16:04:46 -0400
+
 clamav (0.99.2+dfsg-6ubuntu1) artful; urgency=medium
 * Fix build by forcing llvm 3.9
diff -Nru clamav-0.99.2+dfsg/debian/control clamav-0.99.2+dfsg/debian/control
--- clamav-0.99.2+dfsg/debian/control 2017-05-02 09:18:29.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/control 2017-08-15 20:04:46.000000000 +0000
@@ -1,7 +1,8 @@
 Source: clamav
 Section: utils
 Priority: optional
-Maintainer: ClamAV Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: ClamAV Team
 Uploaders: Michael Meskes ,
 Michael Tautschnig ,
 Scott Kitterman ,
diff -Nru clamav-0.99.2+dfsg/debian/patches/CVE-2017-6418.patch clamav-0.99.2+dfsg/debian/patches/CVE-2017-6418.patch
--- clamav-0.99.2+dfsg/debian/patches/CVE-2017-6418.patch 1970-01-01 00:00:00.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/patches/CVE-2017-6418.patch 2017-08-08 16:54:57.000000000 +0000
@@ -0,0 +1,37 @@
+From 586a5180287262070637c8943f2f7efd652e4a2c Mon Sep 17 00:00:00 2001
+From: Steven Morgan
+Date: Thu, 2 Mar 2017 14:41:20 -0500
+Subject: [PATCH] bb11797 - fix invalid read in fuzzed mail file.
+
+---
+ libclamav/message.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+Index: clamav-0.99.2+dfsg/libclamav/message.c
+===================================================================
+--- clamav-0.99.2+dfsg.orig/libclamav/message.c 2017-08-08 12:54:55.404004746 -0400
++++ clamav-0.99.2+dfsg/libclamav/message.c 2017-08-08 12:54:55.400004746 -0400
+@@ -439,8 +439,12 @@ messageAddArgument(message *m, const cha
+ * FIXME: Bounce message handling is corrupting the in
+ * core copies of headers
+ */
+- cli_dbgmsg("Possible data corruption fixed\n");
+- p[8] = '=';
++ if (strlen(p) > 8) {
++ cli_dbgmsg("Possible data corruption fixed\n");
++ p[8] = '=';
++ } else {
++ cli_dbgmsg("Possible data corruption not fixed\n");
++ }
+ } else {
+ if(*p)
+ cli_dbgmsg("messageAddArgument, '%s' contains no '='\n", p);
+@@ -676,7 +680,7 @@ messageFindArgument(const message *m, co
+ cli_dbgmsg("messageFindArgument: no '=' sign found in MIME header '%s' (%s)\n", variable, messageGetArgument(m, i));
+ return NULL;
+ }
+- if((*++ptr == '"') && (strchr(&ptr[1], '"') != NULL)) {
++ if((strlen(ptr) > 2) && (*++ptr == '"') && (strchr(&ptr[1], '"') != NULL)) {
+ /* Remove any quote characters */
+ char *ret = cli_strdup(++ptr);
+ char *p;
diff -Nru clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420-2.patch clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420-2.patch
--- clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420-2.patch 2017-08-08 19:20:14.000000000 +0000
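Review bot: The new `else` branch in messageAddArgument only logs and then continues into the code after the hunk (the function body runs on outside it), so an argument shorter than nine characters is presumably kept without the `=` the repair was meant to restore; what the later code does with such a value is not visible here and is worth confirming. A one-line comment on the branch would make the intent explicit, e.g. `/* too short to patch in place (p[8] would be at or past the terminator); keep as-is */`. The `strlen(p) > 8` guard is the correct bound for writing `p[8]`, and in messageFindArgument the `strlen(ptr) > 2` test is evaluated before `++ptr`, which is what keeps `&ptr[1]` inside the string for the `strchr` call.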
@@ -0,0 +1,44 @@
+From 60671e3deb1df6c626e5c7e13752c2eec1649f98 Mon Sep 17 00:00:00 2001
+From: Steven Morgan
+Date: Wed, 8 Mar 2017 08:58:28 -0500
+Subject: [PATCH] bb11798 - fix unit tests.
+
+---
+ libclamav/wwunpack.c | 9 +++------
+ unit_tests/check_jsnorm.c | 2 +-
+ 2 files changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/libclamav/wwunpack.c b/libclamav/wwunpack.c
+index 38c18081c..a13550e8f 100644
+--- a/libclamav/wwunpack.c
++++ b/libclamav/wwunpack.c
+@@ -226,13 +226,10 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti
+ return CL_EFORMAT;
+ exe[pe+6]=(uint8_t)scount;
+ exe[pe+7]=(uint8_t)(scount>>8);
+- if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) ||
+- !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) ||
+- !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) {
++ if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4))
+ cli_dbgmsg("WWPack: unpack memory address out of bounds.\n");
+- return CL_EFORMAT;
+- }
+- cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
++ else
++ cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
+ cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz);
+
+ structs = &exe[(0xffff&cli_readint32(&exe[pe+0x14]))+pe+0x18];
+diff --git a/unit_tests/check_jsnorm.c b/unit_tests/check_jsnorm.c
+index 7515a0c18..9587ea469 100644
+--- a/unit_tests/check_jsnorm.c
++++ b/unit_tests/check_jsnorm.c
+@@ -145,7 +145,7 @@ END_TEST
+
+ START_TEST (test_token_dval)
+ {
+- int val = 0.12345;
++ double val = 0.12345;
+ yystype tok;
+ memset(&tok, 0, sizeof(tok));
+
diff -Nru clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420.patch clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420.patch
--- clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420.patch 1970-01-01 00:00:00.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/patches/CVE-2017-6420.patch 2017-08-08 16:55:09.000000000 +0000
@@ -0,0 +1,27 @@
+From dfc00cd3301a42b571454b51a6102eecf58407bc Mon Sep 17 00:00:00 2001
+From: Steven Morgan
+Date: Fri, 3 Mar 2017 13:56:28 -0500
+Subject: [PATCH] bb19798 - fix out of bound memory access for crafted wwunpack
+ file.
+
+---
+ libclamav/wwunpack.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libclamav/wwunpack.c b/libclamav/wwunpack.c
+index 8611cb604..38c18081c 100644
+--- a/libclamav/wwunpack.c
++++ b/libclamav/wwunpack.c
+@@ -226,6 +226,12 @@ int wwunpack(uint8_t *exe, uint32_t exesz, uint8_t *wwsect, struct cli_exe_secti
+ return CL_EFORMAT;
+ exe[pe+6]=(uint8_t)scount;
+ exe[pe+7]=(uint8_t)(scount>>8);
++ if (!CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4) ||
++ !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva, 4) ||
++ !CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295+sects[scount].rva+0x299, 4)) {
++ cli_dbgmsg("WWPack: unpack memory address out of bounds.\n");
++ return CL_EFORMAT;
++ }
+ cli_writeint32(&exe[pe+0x28], cli_readint32(wwsect+0x295)+sects[scount].rva+0x299);
+ cli_writeint32(&exe[pe+0x50], cli_readint32(&exe[pe+0x50])-sects[scount].vsz);
+
diff -Nru clamav-0.99.2+dfsg/debian/patches/fix_newer_zlib.patch clamav-0.99.2+dfsg/debian/patches/fix_newer_zlib.patch
--- clamav-0.99.2+dfsg/debian/patches/fix_newer_zlib.patch 1970-01-01 00:00:00.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/patches/fix_newer_zlib.patch 2017-08-15 19:47:31.000000000 +0000
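Review bot: The three-way containment check this patch adds before the `exe[pe+0x28]` write is narrowed by CVE-2017-6420-2.patch (earlier on this page) to a single `CLI_ISCONTAINED(wwsect, sects[scount].rsz, wwsect+0x295, 4)`, and that second patch also drops the `return CL_EFORMAT`, so after both are applied an out-of-bounds address only skips the entry-point write while the `exe[pe+0x50]` rewrite and the rest of wwunpack (which continues outside the hunk) go on with the packed entry point left in place. Whether a scan of such an image is still meaningful is not decidable from the hunk; the `else` in the -2 patch deserves a comment stating that intent, e.g. `/* entry point unknown: leave it unpatched rather than reject the file */`, presumably the reasoning behind making the check non-fatal. In the -2 patch both arms of the `if`/`else` are unbraced single statements around the `cli_dbgmsg` call; braces would keep a later insertion from silently changing which arm a statement belongs to. The order in debian/patches/series (6420 before 6420-2) matches the `index` lines of the two inner diffs, so the chain applies cleanly.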
@@ -0,0 +1,52 @@
+Description: fix compatibility with zlib 1.2.9 and newer
+Author: Marc Deslauriers
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1692073
+
+Index: clamav-0.99.2+dfsg/libclamav/bytecode_api.c
+===================================================================
+--- clamav-0.99.2+dfsg.orig/libclamav/bytecode_api.c 2017-08-08 15:20:06.651685637 -0400
++++ clamav-0.99.2+dfsg/libclamav/bytecode_api.c 2017-08-15 15:45:14.645714766 -0400
+@@ -811,8 +811,20 @@ int32_t cli_bcapi_inflate_init(struct cl
+ cli_dbgmsg("bytecode api: inflate_init: invalid buffers!\n");
+ return -1;
+ }
+- memset(&stream, 0, sizeof(stream));
+- ret = inflateInit2(&stream, windowBits);
++
++ b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
++ if (!b) {
++ return -1;
++ }
++ ctx->inflates = b;
++ ctx->ninflates = n;
++ b = &b[n-1];
++
++ b->from = from;
++ b->to = to;
++ b->needSync = 0;
++ memset(&b->stream, 0, sizeof(stream));
++ ret = inflateInit2(&b->stream, windowBits);
+ switch (ret) {
+ case Z_MEM_ERROR:
+ cli_dbgmsg("bytecode api: inflateInit2: out of memory!\n");
+@@ -829,20 +841,6 @@ int32_t cli_bcapi_inflate_init(struct cl
+ cli_dbgmsg("bytecode api: inflateInit2: unknown error %d\n", ret);
+ return -1;
+ }
+-
+- b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
+- if (!b) {
+- inflateEnd(&stream);
+- return -1;
+- }
+- ctx->inflates = b;
+- ctx->ninflates = n;
+- b = &b[n-1];
+-
+- b->from = from;
+- b->to = to;
+- b->needSync = 0;
+- memcpy(&b->stream, &stream, sizeof(stream));
+ return n-1;
+ }
+
diff -Nru clamav-0.99.2+dfsg/debian/patches/series clamav-0.99.2+dfsg/debian/patches/series
--- clamav-0.99.2+dfsg/debian/patches/series 2017-05-02 09:19:21.000000000 +0000
+++ clamav-0.99.2+dfsg/debian/patches/series 2017-08-15 20:04:37.000000000 +0000
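Review bot: With the reordering, `ctx->inflates` and `ctx->ninflates = n` are committed before `inflateInit2` runs, but the error cases of the `switch` that follows (the visible `Z_MEM_ERROR` branch and the `unknown error` branch in the second hunk) still `return -1` without undoing that, so a failed init leaves a slot counted in `ctx->ninflates` whose `z_stream` was never initialised, and whatever later iterates the array (outside this hunk) would presumably hand it to `inflateEnd`. The removed code avoided this by growing the array only after a successful init; since the patch exists to stop copying an initialised stream with `memcpy` (presumably what zlib 1.2.9+ rejects), the remaining option is to roll the count back before each failing return, e.g. `ctx->ninflates = n - 1;` ahead of every `return -1;` in the switch, or to route those cases through one cleanup label. Minor: `memset(&b->stream, 0, sizeof(stream))` still sizes the clear by the now-unused local `stream`; `memset(&b->stream, 0, sizeof(b->stream))` ties it to the object being cleared and lets that local be removed. The enclosing function starts outside the hunk, so where `n` and `stream` are declared is not visible here.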
@@ -13,3 +13,7 @@
 bb11549-fix-temp-file-cleanup-issue.patch
 Fix_detection_of_libcurl.patch
 zlib-check.patch
+CVE-2017-6418.patch
+CVE-2017-6420.patch
+CVE-2017-6420-2.patch
+fix_newer_zlib.patch
\ No newline at end of file