[Pkg-clamav-devel] Bug#986622: ClamAV 0.103.2 security patch release
Damian Lukowski
debian-bugs at arcsin.de
Sun Apr 11 11:38:38 BST 2021
> CVE-2021-1252 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252>:
> Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
Debian's security tracker claims that stretch and buster are vulnerable. According to the clamav announcement and CVE they
shouldn't be.
> CVE-2021-1405 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405>:
> Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
The clamav announcement and CVE are inconsistent whether 0.102 is affected.
More information about the Pkg-clamav-devel
mailing list