diff --git a/clamav.changes b/clamav.changes index 8ed67c4..bd26720 100644 --- a/clamav.changes +++ b/clamav.changes @@ -205,12 +205,13 @@ Wed Feb 15 17:26:43 UTC 2023 - Arjen de Korte and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208365) * Update vendored libmspack library to version 0.11alpha. + (bsc#1103032: CVE-2018-14679) - Package huge .html documentation in a separate subpackage. ------------------------------------------------------------------- Fri Aug 5 06:42:21 UTC 2022 - ecsos -- Update to 0.103.7 +- Update to 0.103.7 (bsc#1202986) - Zip parser: tolerate 2-byte overlap in file entries - Fix bug with logical signature Intermediates feature - Update to UnRAR v6.1.7 @@ -263,7 +264,7 @@ Wed Jan 12 21:04:58 UTC 2022 - Arjen de Korte * CVE-2022-20698: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option - (the clamscan --gen-json option) is enabled. + (the clamscan --gen-json option) is enabled. (bsc#1194731) * Fixed ability to disable the file size limit with libclamav C API, like this: @@ -530,7 +531,7 @@ Thu Jul 16 20:02:03 UTC 2020 - Arjen de Korte to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, - clamdscan, and clamonacc. + clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an 
@@ -543,7 +544,7 @@ Thu Jul 16 20:02:03 UTC 2020 - Arjen de Korte NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive - parser in versions affected by the vulnerability. + parser in versions affected by the vulnerability. (bsc#1174250) ------------------------------------------------------------------- Tue May 12 17:31:15 UTC 2020 - Arjen de Korte @@ -557,7 +558,7 @@ Tue May 12 17:31:15 UTC 2020 - Arjen de Korte ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause - a crash. + a crash. (bsc#1171981) * Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents. * Fix a couple of minor memory leaks. @@ -838,11 +839,11 @@ Thu Apr 26 15:35:15 UTC 2018 - max@suse.com Wed Mar 7 13:15:11 UTC 2018 - max@suse.com - Update to security release 0.99.4 (bsc#1083915): - * CVE-2012-6706 - * CVE-2017-6419 - * CVE-2017-11423 + * CVE-2012-6706 (bsc#1045315) + * CVE-2017-6419 (bsc#1052449) + * CVE-2017-11423 (bsc#1049423) * CVE-2018-1000085 (bsc#1082858) - * CVE-2018-0202 + * CVE-2018-0202 (bsc#1083915) - Obsolete patches: * clamav-CVE-2012-6706.patch * clamav-gcc47.patch @@ -1006,7 +1007,7 @@ Fri Jun 17 10:07:51 UTC 2016 - martin.liska@suse.com ------------------------------------------------------------------- Thu Mar 3 11:30:10 UTC 2016 - ecsos@opensuse.org -- Update to version 0.99.1 +- Update to version 0.99.1 (bsc#969814) * hwp5.x: fix for streams without names * libclamav: yara: avoid unaliged access to 64bit variable * patch by Mark Allan to add show-progress option to freshclam. 
@@ -1189,6 +1190,7 @@ Wed Nov 19 14:54:58 UTC 2014 - max@suse.com * Resolution of many of the warning messages from ClamAV compilation. * Improved detection of malicious PE files. + (bnc#906770, CVE-2014-9050) * Security fix for ClamAV crash when using 'clamscan -a'. * Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files (bnc#906077, CVE-2013-6497).
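Review bot: In the hunk at @@ -205,12 +205,13 @@, the added reference `(bsc#1103032: CVE-2018-14679)` separates the bug and CVE ids with a colon, while the paired references already in this file use a comma, as in `(bnc#906077, CVE-2013-6497)`. Suggest writing it as `(bsc#1103032, CVE-2018-14679)` so that every paired reference in the changelog has the same form and anything matching on that form handles them all alike.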
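Review bot: In the hunk at @@ -838,11 +839,11 @@, `* CVE-2018-0202 (bsc#1083915)` reuses the bug number that the entry header already carries in `Update to security release 0.99.4 (bsc#1083915):`, whereas every other CVE in the list gets its own distinct bsc number. Please confirm that bsc#1083915 really is the bug for CVE-2018-0202 and not only the tracking bug for the 0.99.4 update. If it is the latter, the per-CVE reference should point at the CVE's own bug.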
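Review bot: In the hunk at @@ -1189,6 +1190,7 @@, the new line `(bnc#906770, CVE-2014-9050)` is placed as a continuation of `* Improved detection of malicious PE files.`, which is not worded as a security fix, while the next item, `* Security fix for ClamAV crash when using 'clamscan -a'.`, is left without any reference. Please check which item the CVE belongs to. If it is one of the two "Security fix" items, move the reference to the end of that item, as is done for `(bnc#906077, CVE-2013-6497)`, so the changelog does not attribute the CVE to the wrong change.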