Re: [SECURITY] [DSA 1232-1] New clamav packages fix denial of service

4 msg	This is an very serious bug
2 msg	Re: [SECURITY] [DSA-1236-1] New enemies-of-carl...
1 msg	28.082.006 Risiko bancario/ Sanpaolo-Intesa, un...
1 msg	Need UpdateS uncorpmetway Banking.
5 msg	Unable to write files greater than 1GB to udf-f...
1 msg	Re: [SECURITY] [DSA 1233-1] New Linux 2.6.8 pac...
1 msg	Almost free software, but licensed? Unreal? No!...
2 msg	Re: Clam AntiVirus Base64 MIME Attachments Deni...
1 msg	Gestion des quotas
1 msg	Re: [SECURITY] [DSA-1230-1] new l2tpns packages...

Re: [SECURITY] [DSA 1232-1] New clamav packages...
\ Milan P. Stanic (9 Dec 2006)
. \ Stephen Gran (10 Dec 2006)
. . \ Milan P. Stanic (10 Dec 2006)

1 msg	goal games
1 msg	went parole
1 msg	Alexander Jäger is out of the office.
9 msg	Re: Bug#401969: please build using hunspell
1 msg	Updated gnupg package for sarge
1 msg	Re: [SECURITY] [DSA 1228-1] New elinks packages...
8 msg	Re: <MudanÃ§a de e-mail - e-mail change>
8 msg	creative ssh-agent uses
3 msg	Re: [SECURITY] [DSA 1222-1] New proftpd package...

Subject:	Re: [SECURITY] [DSA 1232-1] New clamav packages fix denial of service
Group:	Debian-security
From:	Milan P. Stanic
Date:	10 Dec 2006

On Sun, Dec 10, 2006 at 01:13:29AM +0000, Stephen Gran wrote:
> This one time, at band camp, Milan P. Stanic said:
> > On Sat, Dec 09, 2006 at 03:43:33PM +0100, Moritz Muehlenhoff wrote:
> > > For the unstable distribution (sid) this problem has been fixed in
> > > version 0.86-1.
> > ^^
> > Clamav in testing and unstable is version 0.88.6
>
> Yes, and the problem was fixed in version 0.86. That was the point of
> that statement.

Shouldn't then the DSA say something like "unstable (sid) and testing
(etch) aren't vulnerable because the problem was fixed in version 0.86
already and the clamav in that two releases is version 0.88.6 which is
not vulnerable"?

As it is now it is ambiguous, at least for me.