Bug#904199: stretch-pu: package clamav/0.100.0+dfsg-0+deb9u2
On 2018-07-29 22:01:20 [+0100], Adam D. Barratt wrote:
> <draft>
> ClamAV is an AntiVirus toolkit for Unix.
>
> Upstream published version 0.100.1.
>
> This is mostly a bug-fix release. The changes are not strictly
> required for operation, but users of the previous version in stretch
> may not be able to make use of all current virus signatures and might
> get warnings.
>
> Changes since 0.100.0 currently in stretch include fixes for two
> security issues.
>
> CVE-2018-0360
>
> ClamAV before 0.100.1 has an HWP integer overflow with a resultant
> infinite loop via a crafted Hangul Word Processor file.
>
> CVE-2018-0361
>
> ClamAV before 0.100.1 lacks a PDF object length check, resulting
> in an unreasonably long time to parse a relatively small file.
> </draft>
perfect, thank you.
> Apologies if the initial section is incorrect, it wasn't entirely clear
> to me whether there would be warnings for the bump from 0.100.0 to
> 0.100.1.
no worries.
> Regards,
>
> Adam
Sebastian