Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote:
> ClamAV upstream released 1.0.9 which is their LTS version matching
> the release in Bookworm. It addresses two CVEs:
>
> - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the
> OLE2 file parser that could cause a denial-of-service (DoS)
> condition)
> - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the
> PDF file parser that could cause a denial-of-service (DoS) condition
> or enable remote code execution.)
I should have checked sooner, but were you looking for this to be
released as an SUA?
Regards,
Adam
Reply to: