From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] clamav: Update to 0.102.1 Date: Fri, 22 Nov 2019 10:06:02 +0000 Message-ID: <6DF5B679-C5A1-4FA4-9F40-9E1D77FEF79C@ipfire.org> In-Reply-To: <20191121165748.1363-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8388474219586474091==" List-Id: --===============8388474219586474091== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer > On 21 Nov 2019, at 16:57, Matthias Fischer = wrote: >=20 > For details see: > https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html >=20 > "Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prio= r: >=20 > CVE-2019-15961: > A Denial-of-Service (DoS) vulnerability may occur when scanning > a specially crafted email file as a result of excessively long scan > times. The issue is resolved by implementing several maximums in parsing > MIME messages and by optimizing use of memory allocation. >=20 > Build system fixes to build clamav-milter, to correctly link with > libxml2 when detected, and to correctly detect fanotify for on-access > scanning feature support. >=20 > Signature load time is significantly reduced by changing to a more > efficient algorithm for loading signature patterns and allocating the AC > trie. Patch courtesy of Alberto Wu. >=20 > Introduced a new configure option to statically link libjson-c with > libclamav. Static linking with libjson is highly recommended to prevent > crashes in applications that use libclamav alongside another JSON > parsing library. >=20 > Null-dereference fix in email parser when using the --gen-json metadata > option. >=20 > Fixes for Authenticode parsing and certificate signature (.crb database) > bugs." >=20 > Signed-off-by: Matthias Fischer > --- > lfs/clamav | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) >=20 > diff --git a/lfs/clamav b/lfs/clamav > index 949117bf0..9c0aab55f 100644 > --- a/lfs/clamav > +++ b/lfs/clamav > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 0.102.0 > +VER =3D 0.102.1 >=20 > THISAPP =3D clamav-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D clamav > -PAK_VER =3D 47 > +PAK_VER =3D 48 >=20 > DEPS =3D "" >=20 > @@ -50,7 +50,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_MD5 =3D 51e1dff512350284b4b11c3dc2d00da0 > +$(DL_FILE)_MD5 =3D 3d5f5f10a1bea212823050286c8c5b96 >=20 > install : $(TARGET) >=20 > --=20 > 2.18.0 >=20 --===============8388474219586474091==--