From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Vulnerabilities flagged in clamav-0.105.1 Date: Mon, 07 Nov 2022 21:51:58 +0100 Message-ID: <7d43a4e5-817b-06c4-95a0-2e19fe3fa2c5@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2402884397322070851==" List-Id: --===============2402884397322070851== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi all, I have just checked the change logs for the latest versions of zlib and libxm= l2 that I am building and they include fixes to the vulnerabilities flagged u= p in the clamav-0.105.1 announcement. The vulnerability for zlib was already fixed in CU171 with the two patch file= s that Peter added. This patch set has now been integrated into the latest zl= ib. The vulnerabilities for libxml2 have fixes for both CVE's in the latest versi= on of libxml2 that was released on October 14th. Both of the CVE's are listed= in the CVE website as reserved but with no details but clearly the info has = been circulated to the zlib and libxml2 developers and fixes were made a whil= e ago. Not sure how to find out if CVE's have been raised on packages that IPFire is= using so we can use any fixes developed as soon as possible. I knew about th= e issues with zlib and libxml2 because I saw the announcement of the clamav-0= .105.1 release. Anyway good news, the patches I will submit soon will contain the fixes to th= e CVE's mentioned in the clamav announcement. Regards, Adolf. --===============2402884397322070851==--