Just out of curiosity, did someone forget to apply this months old problem in ClamAV in the current Q2 branch? Just checking since it seems unusually long to go months at a time without a patch. Maybe someone forgot?
The CVE's in question are:
Also, this seems to apply to clamav-0.101.1,1.
I'll re-open the original issue
*** This bug has been marked as a duplicate of bug 236818 ***