From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] clamav: Update to 0.102.3
Date: Wed, 13 May 2020 23:01:07 +0100
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7554040493647327077=="
List-Id:

--===============7554040493647327077==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Tremer

> On 12 May 2020, at 20:29, Matthias Fischer wrote:
>
> For details see:
> https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
>
> "ClamAV 0.102.3 is a bug patch release to address the following issues.
>
> - CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module
> in ClamAV 0.102.2 that could cause a Denial-of-Service (DoS) condition.
> Improper bounds checking of an unsigned variable results in an
> out-of-bounds read which causes a crash.
>
> - CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV
> 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition.
> Improper size checking of a buffer used to initialize AES decryption
> routines results in an out-of-bounds read which may cause a crash. Bug
> found by OSS-Fuzz.
>
> - Fix "Attempt to allocate 0 bytes" error when parsing some PDF
> documents.
>
> - Fix a couple of minor memory leaks.
>
> - Updated libclamunrar to UnRAR 5.9.2."
>
> Signed-off-by: Matthias Fischer
> --- > lfs/clamav | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) >=20 > diff --git a/lfs/clamav b/lfs/clamav > index 4688f0fb8..d1dce39ab 100644 > --- a/lfs/clamav > +++ b/lfs/clamav > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 0.102.2 > +VER =3D 0.102.3 >=20 > THISAPP =3D clamav-$(VER) > DL_FILE =3D $(THISAPP).tar.gz 
> @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D clamav > -PAK_VER =3D 50 > +PAK_VER =3D 51 >=20 > DEPS =3D >=20 > @@ -50,7 +50,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_MD5 =3D ecf5dd2c5c43aeed1c4b458b2e689847 > +$(DL_FILE)_MD5 =3D 1577144c66f558fbd8ece3075ea2ac79 >=20 > install : $(TARGET) >=20 > --=20 > 2.17.1 --===============7554040493647327077==--
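
Review bot: in the third hunk, `$(DL_FILE)_MD5` is the only integrity value recorded for the new tarball, and the context line `DL_FROM = $(URL_IPFIRE)` shows the archive is fetched from the IPFire source location rather than from upstream. MD5 is not collision resistant, so this digest catches a corrupted download but is weak evidence that the mirrored file is the archive upstream released. Because this update carries the CVE-2020-3327 and CVE-2020-3341 fixes, the commit message should state how the 0.102.3 tarball was checked against the upstream release before the digest was recorded. If the lfs format can carry a stronger digest alongside `_MD5`, it should be added in this hunk.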