From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] clamav: Update to 0.102.3 Date: Tue, 12 May 2020 21:29:32 +0200 Message-ID: <20200512192932.30993-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0501111993698921131==" List-Id: --===============0501111993698921131== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit For details see: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html "ClamAV 0.102.3 is a bug patch release to address the following issues. - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. - CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. Bug found by OSS-Fuzz. - Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents. - Fix a couple of minor memory leaks. - Updated libclamunrar to UnRAR 5.9.2." Signed-off-by: Matthias Fischer --- lfs/clamav | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/clamav b/lfs/clamav index 4688f0fb8..d1dce39ab 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@ include Config -VER = 0.102.2 +VER = 0.102.3 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 50 +PAK_VER = 51 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ecf5dd2c5c43aeed1c4b458b2e689847 +$(DL_FILE)_MD5 = 1577144c66f558fbd8ece3075ea2ac79 install : $(TARGET) -- 2.17.1 --===============0501111993698921131==--