Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1

To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 1108504@bugs.debian.org
Subject: Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 19 Jul 2025 19:14:28 +0100
Message-id: <[🔎] 0477f2b6510478ba87bc423d219b749e1f9a5c70.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1108504@bugs.debian.org
In-reply-to: <20250629213243.I5Jfp4KU@breakpoint.cc>
References: <20250629213243.I5Jfp4KU@breakpoint.cc> <20250629213243.I5Jfp4KU@breakpoint.cc>

On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote:
> ClamAV upstream released 1.0.9 which is their LTS version matching
> the release in Bookworm. It addresses two CVEs:
> 
> - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the
> OLE2 file parser that could cause a denial-of-service (DoS)
> condition)
> - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the
> PDF file parser that could cause a denial-of-service (DoS) condition
> or enable remote code execution.)

I should have checked sooner, but were you looking for this to be
released as an SUA?

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Prev by Date: Processed: unblock: golang-github-containers-ocicrypt/1.1.10-3
Next by Date: Bug#1109543: unblock: dolfinx-mpc/0.9.1-2
Previous by thread: Bug#1109539: marked as done (unblock: orange-canvas-core/0.2.5-2)
Next by thread: Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
Index(es):
- Date
- Thread