public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH] clamav: Update to 1.0.1
@ 2023-02-17 18:00 Matthias Fischer
  2023-02-20 16:30 ` Michael Tremer
  0 siblings, 1 reply; 2+ messages in thread
From: Matthias Fischer @ 2023-02-17 18:00 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1823 bytes --]

For details see:
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

"ClamAV 1.0.1 is a critical patch release with the following fixes:

    CVE-2023-20032: Fixed a possible remote code execution
    vulnerability in the HFS+ file parser. The issue affects versions
    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
    Thank you to Simon Scannell for reporting this issue.

    CVE-2023-20052: Fixed a possible remote information leak
    vulnerability in the DMG file parser. The issue affects versions
    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
    Thank you to Simon Scannell for reporting this issue.

    Fix an allmatch detection issue with the preclass bytecode hook."

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/clamav | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/clamav b/lfs/clamav
index 24c13f00b..426321c05 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Antivirus Toolkit
 
-VER        = 1.0.0
+VER        = 1.0.1
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 64
+PAK_VER    = 65
 
 DEPS       =
 
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 62d00a9ceb1849d1517f34194daaa3bb8bbc904e81e3a20791cf0b5f557587cc497e23feb38cdfbb8b152446821eb20d9a4bce18a0c83d1c31474bfed9944c69
+$(DL_FILE)_BLAKE2 = 8f216051eeb94a9196849c9edff2fe0c73e4aa3ca242cf72d91c1692eb2a4688f8e525f638b6870a2f934976435a4272a1f116c1cf3a7cfd194efa91f11fd135
 
 install : $(TARGET)
 
-- 
2.34.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] clamav: Update to 1.0.1
  2023-02-17 18:00 [PATCH] clamav: Update to 1.0.1 Matthias Fischer
@ 2023-02-20 16:30 ` Michael Tremer
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2023-02-20 16:30 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 2064 bytes --]

Thank you. As this is rather critical, I merged this into c173.

> On 17 Feb 2023, at 18:00, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> For details see:
> https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
> 
> "ClamAV 1.0.1 is a critical patch release with the following fixes:
> 
>    CVE-2023-20032: Fixed a possible remote code execution
>    vulnerability in the HFS+ file parser. The issue affects versions
>    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
>    Thank you to Simon Scannell for reporting this issue.
> 
>    CVE-2023-20052: Fixed a possible remote information leak
>    vulnerability in the DMG file parser. The issue affects versions
>    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
>    Thank you to Simon Scannell for reporting this issue.
> 
>    Fix an allmatch detection issue with the preclass bytecode hook."
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/clamav | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/clamav b/lfs/clamav
> index 24c13f00b..426321c05 100644
> --- a/lfs/clamav
> +++ b/lfs/clamav
> @@ -26,7 +26,7 @@ include Config
> 
> SUMMARY    = Antivirus Toolkit
> 
> -VER        = 1.0.0
> +VER        = 1.0.1
> 
> THISAPP    = clamav-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = clamav
> -PAK_VER    = 64
> +PAK_VER    = 65
> 
> DEPS       =
> 
> @@ -50,7 +50,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 62d00a9ceb1849d1517f34194daaa3bb8bbc904e81e3a20791cf0b5f557587cc497e23feb38cdfbb8b152446821eb20d9a4bce18a0c83d1c31474bfed9944c69
> +$(DL_FILE)_BLAKE2 = 8f216051eeb94a9196849c9edff2fe0c73e4aa3ca242cf72d91c1692eb2a4688f8e525f638b6870a2f934976435a4272a1f116c1cf3a7cfd194efa91f11fd135
> 
> install : $(TARGET)
> 
> -- 
> 2.34.1
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-02-20 16:30 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-17 18:00 [PATCH] clamav: Update to 1.0.1 Matthias Fischer
2023-02-20 16:30 ` Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox