Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 21 Nov 2019, at 16:57, Matthias Fischer matthias.fischer@ipfire.org wrote:
For details see: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support.
Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
Null-dereference fix in email parser when using the --gen-json metadata option.
Fixes for Authenticode parsing and certificate signature (.crb database) bugs."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
lfs/clamav | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/clamav b/lfs/clamav index 949117bf0..9c0aab55f 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@
include Config
-VER = 0.102.0 +VER = 0.102.1
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 47 +PAK_VER = 48
DEPS = ""
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 51e1dff512350284b4b11c3dc2d00da0 +$(DL_FILE)_MD5 = 3d5f5f10a1bea212823050286c8c5b96
install : $(TARGET)
-- 2.18.0