Two bugs were discovered in clamav and are fixed by this release.
One issue is in clamscan, the command line anti-virus scanner included
in the package, which could lead to crashes when scanning certain files
(CVE-2013-6497).
The second issue is in libclamav which caused a heap buffer overflow
when scanning a specially crafted y0da Crypter obfuscated PE file
(CVE-2014-9050). Note that this is remotely exploitable when ClamAV is
used as a mail gateway scanner.
For Debian 6 Squeeze, these issues have been fixed in clamav version 0.98.1+dfsg-1+deb6u4
If you use clamav, we highly recommend that you upgrade to this version.