Thank you. As this is rather critical, I merged this into c173.
On 17 Feb 2023, at 18:00, Matthias Fischer matthias.fischer@ipfire.org wrote:
For details see: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
"ClamAV 1.0.1 is a critical patch release with the following fixes:
CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
Fix an allmatch detection issue with the preclass bytecode hook."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
lfs/clamav | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/clamav b/lfs/clamav index 24c13f00b..426321c05 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -26,7 +26,7 @@ include Config
SUMMARY = Antivirus Toolkit
-VER = 1.0.0 +VER = 1.0.1
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 64 +PAK_VER = 65
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 62d00a9ceb1849d1517f34194daaa3bb8bbc904e81e3a20791cf0b5f557587cc497e23feb38cdfbb8b152446821eb20d9a4bce18a0c83d1c31474bfed9944c69 +$(DL_FILE)_BLAKE2 = 8f216051eeb94a9196849c9edff2fe0c73e4aa3ca242cf72d91c1692eb2a4688f8e525f638b6870a2f934976435a4272a1f116c1cf3a7cfd194efa91f11fd135
install : $(TARGET)
-- 2.34.1