Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 1108504@bugs.debian.org
Subject: Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sun, 20 Jul 2025 11:49:07 +0200
Message-id: <[🔎] aHy7kzv65e-YgXt-@breakpoint.cc>
Reply-to: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 1108504@bugs.debian.org
In-reply-to: <[🔎] 0477f2b6510478ba87bc423d219b749e1f9a5c70.camel@adam-barratt.org.uk>
References: <20250629213243.I5Jfp4KU@breakpoint.cc> <[🔎] 0477f2b6510478ba87bc423d219b749e1f9a5c70.camel@adam-barratt.org.uk> <20250629213243.I5Jfp4KU@breakpoint.cc>

On 2025-07-19 19:14:28 [+0100], Adam D. Barratt wrote:
> On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote:
> > ClamAV upstream released 1.0.9 which is their LTS version matching
> > the release in Bookworm. It addresses two CVEs:
> > 
> > - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the
> > OLE2 file parser that could cause a denial-of-service (DoS)
> > condition)
> > - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the
> > PDF file parser that could cause a denial-of-service (DoS) condition
> > or enable remote code execution.)
> 
> I should have checked sooner, but were you looking for this to be
> released as an SUA?

It would be nice given the CVEs that are referenced by upstream. So if
it is not too much work given all the Trixie preparation.

> Regards,
> 
> Adam

Sebastian

Reply to:

References:
- Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#1109575: unblock: acct/6.6.4-8
Next by Date: Bug#1109453: unblock: rust-sequoia-octopus-librnp/1.11.1-2
Previous by thread: Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1
Next by thread: Bug#1109543: unblock: dolfinx-mpc/0.9.1-2
Index(es):
- Date
- Thread