Reviewed-by: Michael Tremer > On 12 May 2020, at 20:29, Matthias Fischer wrote: > > For details see: > https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html > > "ClamAV 0.102.3 is a bug patch release to address the following issues. > > - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module > in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition. > Improper bounds checking of an unsigned variable results in an > out-of-bounds read which causes a crash. > > - CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV > 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. > Improper size checking of a buffer used to initialize AES decryption > routines results in an out-of-bounds read which may cause a crash. Bug > found by OSS-Fuzz. > > - Fix "Attempt to allocate 0 bytes" error when parsing some PDF > documents. > > - Fix a couple of minor memory leaks. > > - Updated libclamunrar to UnRAR 5.9.2." > > Signed-off-by: Matthias Fischer > --- > lfs/clamav | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/clamav b/lfs/clamav > index 4688f0fb8..d1dce39ab 100644 > --- a/lfs/clamav > +++ b/lfs/clamav > @@ -24,7 +24,7 @@ > > include Config > > -VER = 0.102.2 > +VER = 0.102.3 > > THISAPP = clamav-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = clamav > -PAK_VER = 50 > +PAK_VER = 51 > > DEPS = > > @@ -50,7 +50,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = ecf5dd2c5c43aeed1c4b458b2e689847 > +$(DL_FILE)_MD5 = 1577144c66f558fbd8ece3075ea2ac79 > > install : $(TARGET) > > -- > 2.17.1