Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 904199@bugs.debian.org
Subject: Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Tue, 31 Jul 2018 08:59:59 +0200
Message-id: <[🔎] 20180731065959.t3jj7j7vwz3ysfh2@breakpoint.cc>
Reply-to: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 904199@bugs.debian.org
In-reply-to: <[🔎] 1532898080.3030.254.camel@adam-barratt.org.uk>
References: <[🔎] 20180721130212.w3q3vwwfdrlhjgpt@breakpoint.cc> <[🔎] 1532766268.3030.241.camel@adam-barratt.org.uk> <[🔎] 20180721130212.w3q3vwwfdrlhjgpt@breakpoint.cc> <[🔎] 20180728084808.ipgcuvwejn2qkkeq@breakpoint.cc> <[🔎] 1532898080.3030.254.camel@adam-barratt.org.uk> <[🔎] 20180721130212.w3q3vwwfdrlhjgpt@breakpoint.cc>

On 2018-07-29 22:01:20 [+0100], Adam D. Barratt wrote:
> <draft>
> ClamAV is an AntiVirus toolkit for Unix.
> 
> Upstream published version 0.100.1.
> 
> This is a mostly a bug-fix release. The changes are not strictly
> required for operation, but users of the previous version in stretch
> may not be able to make use of all current virus signatures and might
> get warnings.
> 
> Changes since 0.100.0 currently in stretch include fixes for two
> security issues.
> 
> CVE-2018-0360
> 
>   ClamAV before 0.100.1 has an HWP integer overflow with a resultant
>   infinite loop via a crafted Hangul Word Processor file.
> 
> CVE-2018-0361
> 
>   ClamAV before 0.100.1 lacks a PDF object length check, resulting
>   in an unreasonably long time to parse a relatively small file.
> </draft>

perfect, thank you.

> Apologies if the initial section is incorrect, it wasn't entirely clear
> to me whether there would be warnings for the bump from 0.100.0 to
> 0.100.1.

no worries.

> Regards,
> 
> Adam

Sebastian

Reply to:

References:
- Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#904777: transition: libraw
Next by Date: Bug#905061: stretch-pu: package mruby/1.2.0+20161228+git30d5424a-1+deb9u1
Previous by thread: Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
Next by thread: Bug#904213: stretch-pu: package libclamunrar/0.99-3+deb9u1
Index(es):
- Date
- Thread