Accepting request 622505 from home:EGDFree:branches:security

- Update to version 0.100.1 * CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only). * CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera. * CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB. * Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis. * Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck. * Buffer length checks when reading integers from non-NULL terminated strings. * Buffer length tracking when reading strings from dictionary objects. * HTTPS support for clamsubmit. * Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only. Patch provided by Guilherme Benkenstein. OBS-URL: https://build.opensuse.org/request/show/622505 OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=168
2018-07-17 21:41:32 +00:00 · 2018-07-17 21:41:32 +00:00 · 1ca8804a22
commit 1ca8804a22
parent f1110218c2
7 changed files with 44 additions and 21 deletions
--- a/clamav-0.100.0.tar.gz
+++ b/clamav-0.100.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c5c5edaf75a3c53ac0f271148fd6447310bce53f448ec7e6205124a25918f65c
-size 16036757
--- a/clamav-0.100.0.tar.gz.sig
+++ b/clamav-0.100.0.tar.gz.sig
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIcBAABAgAGBQJay4N+AAoJEPE/nha8pb+tUiEP/isw/OZ5t183XjjPVV3wtIH1
-xbPkCG5/842Ui8Dd2G14VUEW+abUDueBU1Fn4hPixGVOmXiEmltwlM2R6+qjutVO
-al18jCkJXMq9sfqO0pMom8NDf3mNu9sy3oqARekrnLO1JZI0w5HKAAJg3VaCBBEZ
-YD7XxtuO8R1R9BBSAwx4E1NG9skQ+WAJVlT7ckWCuqW6SafIsqnM2f9KV1lYitod
-7mXl72nPQA3xkiqri1XLZrkiViZyzX5q3LRYdADlHk79MmDZuaaVIfza42SEYjQm
-TYTh5vvi1yUz6qhALFfbqOdOTQLri0gZp00xlmH+5MhVcnHZVAfzA3R57VcleD+o
-LpC9WUAEUL3D15KQlLhrV7Y0D82M79jJDXExRM2TozjUnA3WrQRZZqlJg5iEBHcu
-VP/O7hLNslm8SFRd1SHQ7C4D7X9odW3D64QySEpx9TyUWSesQg/hSO3F9Xj6eBRy
-JWYc90iu8DFedR+QrkwnMIbgbTeYxVjnPwKfI1E8vGrojYFKI3nFATQERRAcnrSz
-FjaffXxkMPULKCi8JqcvomlZkj+W1LvZ9OEdtD92nz4mX/C6tHaPy6A2alByHElp
-CMXYc8IIT3WWFV73O17xBdLhpyJRnmuHQ3IpJMKXh89lgX+t/ABAkWlmQsLy9PpH
-SlfPF6qoRTu2fSlQmEJu
-=KvcM
-----END PGP SIGNATURE-----
--- a/clamav-0.100.1.tar.gz
+++ b/clamav-0.100.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:84e026655152247de7237184ee13003701c40be030dd68e0316111049f58a59f
+size 16154415
--- a/clamav-0.100.1.tar.gz.sig
+++ b/clamav-0.100.1.tar.gz.sig
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJbO66OAAoJEPE/nha8pb+t2SkP/0i9fOLm2FCBs/kRGiGgd4zn
+RxLwsW0Wskf0C/5dLhNHP/aeHSqeWZQdasmIgUzxxGhksp/gxwmH66h5y6qjACU2
+LnDytMr5DuM0rPAfNtOmnCQcpKVXvRA5utboCP7BWBLsfdfi1tF/Sw/JknDzDu5a
+AExBpiclix4EEHa4VkG+pMYpLLYUfxMZgKuq9b3ytWgNbCz0riSugr3hkoL72uRy
+xfrN2S0YkHy1Kw/7zohcHJa1qfPXZ/V6S1iSBCSfk3OTeExJhQIDxlLNTkcBr8L0
+H9Fo6RnQ2ttYtdphKU1suN4spFxBJD94zkOB+0cLfk6sCeYb4BXrqX6t19N+9Z9+
+m2fx2zay12skW/eABFtG82ToWTojCfHhKrRRDZRE8iXh2KUKMUkx7kSjhDRNR9eE
+WIpfAom4vdgDwDOgHwziUqr65l8Dr3NFC1LJl8F0uaFGshbjbtMufD88S0TQCvw6
+pJAZ8ZiTXqtmT9Uyw9aObffA2ekKWOY4k/6Z7ved76GkXC+e922Z+LpRE8wE05Cz
+sqwkzIQMLwwBo3468vB0RFxS14AVyLFVogmYxkhLcZC39yFBZVJF4++efsrlt+vq
+OoJl7JF1NYp8KSGGAIuNY5dyJGtiu709n7ppU6JAY2uhAzEjHYeqM0caDjPDjT2
+/LK7EO0s7O30HEld5gDC
+=xbrK
+-----END PGP SIGNATURE-----
--- a/clamav-disable-timestamps.patch
+++ b/clamav-disable-timestamps.patch
@ -78,4 +78,4 @@
 +_ACEOF
 
 
- VERSION="0.100.0"
+ VERSION="0.100.1"
--- a/clamav.changes
+++ b/clamav.changes
@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Jul 10 08:06:33 UTC 2018 - egdfree@opensuse.org
+
+- Update to version 0.100.1
+  * CVE-2017-16932: Vulnerability in libxml2 dependency (affects
+    ClamAV on Windows only).
+  * CVE-2018-0360: HWP integer overflow, infinite loop
+    vulnerability. Reported by Secunia Research at Flexera.
+  * CVE-2018-0361: ClamAV PDF object length check, unreasonably
+    long time to parse relatively small file. Reported by aCaB.
+  * Buffer over-read in unRAR code due to missing max value checks
+    in table initialization. Reported by Rui Reis.
+  * Libmspack heap buffer over-read in CHM parser. Reported by
+    Hanno Böck.
+  * Buffer length checks when reading integers from non-NULL
+    terminated strings.
+  * Buffer length tracking when reading strings from dictionary
+    objects.
+  * HTTPS support for clamsubmit.
+  * Fix for DNS resolution for users on IPv4-only machines where
+    IPv6 is not available or is link-local only. Patch provided by
+    Guilherme Benkenstein.
+
 -------------------------------------------------------------------
 Thu Apr 26 15:35:15 UTC 2018 - max@suse.com

--- a/clamav.spec
+++ b/clamav.spec
@ -38,7 +38,7 @@ BuildRequires:  zlib-devel
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only
 Group:          Productivity/Security
-Version:        0.100.0
+Version:        0.100.1
 Release:        0
 Url:            http://www.clamav.net
 Obsoletes:      clamav-db < 0.88.3