[SUA 181-1] Updated libclamunrar version

To: debian-stable-announce@lists.debian.org
Subject: [SUA 181-1] Updated libclamunrar version
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 06 Jun 2020 20:26:37 +0100
Message-id: <[🔎] 41398b789bca5fa1e4c084bc31e4732d9706659f.camel@adam-barratt.org.uk>
Mail-followup-to: debian-release@lists.debian.org
Reply-to: debian-release@lists.debian.org

-----------------------------------------------------------------------
Debian Stable Updates Announcement SUA 181-1     https://www.debian.org
debian-release@lists.debian.org               Sebastian Andrzej Siewior
June 6th, 2020
-----------------------------------------------------------------------

Package              : libclamunrar
Version              : 0.102.3-0+deb10u1 [buster]
                       0.102.3-0+deb9u1 [stretch]
Importance           : medium


ClamAV is an AntiVirus toolkit for Unix. libclamunrar contains the
non-free additional support modules to allow ClamAV to extract RAR
files for scanning.

This update brings libclamunrar in line with the changes applied to the
clamav package in SUA 180-1. The original text from that advisory is:

Upstream published version 0.102.3.

This is a bug-fix release. The changes are not strictly
required for operation.

Changes since 0.102.2 currently in buster and stretch-updates
include fixes for security issues.

CVE-2020-3327

    Improper bounds checking in the ARJ archive parsing module could
    lead to a Denial of Service.

CVE-2020-3341

    Improper size checking of a buffer used to initialize AES decryption
    routines in the PDF parsing module could lead to a Denial of Service.

If you use libclamunrar, we recommend that you install this update.

Upgrade Instructions
--------------------

You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:

 deb http://ftp.debian.org/debian buster-updates main
 deb-src http://ftp.debian.org/debian buster-updates main

  or

 deb http://ftp.debian.org/debian stretch-updates main
 deb-src http://ftp.debian.org/debian stretch-updates main

You can also use any of the Debian archive mirrors.  See
https://www.debian.org/mirrors/list for the full list of mirrors.

For further information about stable-updates, please refer to
https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SUA 180-1] Updated clamav version
Next by Date: [SUA 182-1] Updated ca-certificates package
Previous by thread: [SUA 180-1] Updated clamav version
Next by thread: [SUA 182-1] Updated ca-certificates package
Index(es):
- Date
- Thread