Vulnerabilities flagged in clamav-0.105.1

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Vulnerabilities flagged in clamav-0.105.1
Date: Mon, 07 Nov 2022 21:51:58 +0100	[thread overview]
Message-ID: <7d43a4e5-817b-06c4-95a0-2e19fe3fa2c5@ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 1091 bytes --]

Hi all,

I have just checked the change logs for the latest versions of zlib and libxml2 that I am building and they include fixes to the vulnerabilities flagged up in the clamav-0.105.1 announcement.

The vulnerability for zlib was already fixed in CU171 with the two patch files that Peter added. This patch set has now been integrated into the latest zlib.

The vulnerabilities for libxml2 have fixes for both CVE's in the latest version of libxml2 that was released on October 14th. Both of the CVE's are listed in the CVE website as reserved but with no details but clearly the info has been circulated to the zlib and libxml2 developers and fixes were made a while ago.

Not sure how to find out if CVE's have been raised on packages that IPFire is using so we can use any fixes developed as soon as possible. I knew about the issues with zlib and libxml2 because I saw the announcement of the clamav-0.105.1 release.

Anyway good news, the patches I will submit soon will contain the fixes to the CVE's mentioned in the clamav announcement.

Regards,

Adolf.

next             reply	other threads:[~2022-11-07 20:51 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-07 20:51 Adolf Belka [this message]
2022-11-08 11:09 ` Michael Tremer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7d43a4e5-817b-06c4-95a0-2e19fe3fa2c5@ipfire.org \
    --to=adolf.belka@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox