[Pkg-clamav-devel] Bug#1031536: bullseye-pu: package clamav/0.103.8+dfsg-0+deb11u1
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri Feb 17 22:21:20 GMT 2023
Package: release.debian.org
Control: affects -1 + src:clamav
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: bullseye
Severity: normal
ClamAV upstream released 0.103.8 fixing two CVEs:
- CVE-2023-20032: Fixed a possible remote code execution vulnerability in the
  HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and
  earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting
  this issue.
- CVE-2023-20052: Fixed a possible remote information leak vulnerability in the
  DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and
  earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting
  this issue.
See,
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
The 0.103.x series is an LTS release.
I did test the release in a Bullseye VM.
The attached diff has the changes to the docs/ folder removed (it is
auto-generated by upstream and contains a lot of noise).
Unstable has been addressed by the upload of 1.0.1.
Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clamav-7-to-8.diff
Type: text/x-diff
Size: 40985 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-clamav-devel/attachments/20230217/db2bf6d5/attachment-0001.diff>