Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
On Sat, 2018-07-21 at 15:02 +0200, Sebastian Andrzej Siewior wrote:
> clamav upstream published a new version which contains security
> relevant bug fixes, two of them have a CVE number assigned:
>
> CVE-2018-0360
> HWP integer overflow, infinite loop vulnerability. Reported by
> Secunia
> Research at Flexera.
>
> CVE-2018-0361
> ClamAV PDF object length check, unreasonably long time to parse
> relatively small file. Reported by aCaB.
Was the intent that the package would be pushed via -updates?
Regards,
Adam
Reply to: