Add missing bug and CVE references
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=274
This commit is contained in:
Reinhard Max
Git OBS Bridge
parent
163360e0f4
commit
51084af50e
@ -205,12 +205,13 @@ Wed Feb 15 17:26:43 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
|
||||
and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
|
||||
(bsc#1208365)
|
||||
* Update vendored libmspack library to version 0.11alpha.
|
||||
(bsc#1103032: CVE-2018-14679)
|
||||
- Package huge .html documentation in a separate subpackage.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 5 06:42:21 UTC 2022 - ecsos <ecsos@opensuse.org>
|
||||
|
||||
- Update to 0.103.7
|
||||
- Update to 0.103.7 (bsc#1202986)
|
||||
- Zip parser: tolerate 2-byte overlap in file entries
|
||||
- Fix bug with logical signature Intermediates feature
|
||||
- Update to UnRAR v6.1.7
|
||||
@ -263,7 +264,7 @@ Wed Jan 12 21:04:58 UTC 2022 - Arjen de Korte <suse+build@de-korte.org>
|
||||
* CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
|
||||
This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled
|
||||
with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option
|
||||
(the clamscan --gen-json option) is enabled.
|
||||
(the clamscan --gen-json option) is enabled. (bsc#1194731)
|
||||
* Fixed ability to disable the file size limit with libclamav C API,
|
||||
like this:
|
||||
|
||||
@ -530,7 +531,7 @@ Thu Jul 16 20:02:03 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||||
to trick clamscan, clamdscan, or clamonacc into removing or moving
|
||||
a different file (eg. a critical system file). The issue would
|
||||
affect users that use the --move or --remove options for clamscan,
|
||||
clamdscan, and clamonacc.
|
||||
clamdscan, and clamonacc. (bsc#1174255)
|
||||
* CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing
|
||||
module in ClamAV 0.102.3 that could cause a Denial-of-Service
|
||||
(DoS) condition. Improper bounds checking results in an
|
||||
@ -543,7 +544,7 @@ Thu Jul 16 20:02:03 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||||
NULL pointer dereference. This vulnerability is mitigated for
|
||||
those using the official ClamAV signature databases because the
|
||||
file type signatures in daily.cvd will not enable the EGG archive
|
||||
parser in versions affected by the vulnerability.
|
||||
parser in versions affected by the vulnerability. (bsc#1174250)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 12 17:31:15 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||||
@ -557,7 +558,7 @@ Tue May 12 17:31:15 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||||
ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS)
|
||||
condition. Improper size checking of a buffer used to initialize AES
|
||||
decryption routines results in an out-of-bounds read which may cause
|
||||
a crash.
|
||||
a crash. (bsc#1171981)
|
||||
* Fix "Attempt to allocate 0 bytes" error when parsing some PDF
|
||||
documents.
|
||||
* Fix a couple of minor memory leaks.
|
||||
@ -838,11 +839,11 @@ Thu Apr 26 15:35:15 UTC 2018 - max@suse.com
|
||||
Wed Mar 7 13:15:11 UTC 2018 - max@suse.com
|
||||
|
||||
- Update to security release 0.99.4 (bsc#1083915):
|
||||
* CVE-2012-6706
|
||||
* CVE-2017-6419
|
||||
* CVE-2017-11423
|
||||
* CVE-2012-6706 (bsc#1045315)
|
||||
* CVE-2017-6419 (bsc#1052449)
|
||||
* CVE-2017-11423 (bsc#1049423)
|
||||
* CVE-2018-1000085 (bsc#1082858)
|
||||
* CVE-2018-0202
|
||||
* CVE-2018-0202 (bsc#1083915)
|
||||
- Obsolete patches:
|
||||
* clamav-CVE-2012-6706.patch
|
||||
* clamav-gcc47.patch
|
||||
@ -1006,7 +1007,7 @@ Fri Jun 17 10:07:51 UTC 2016 - martin.liska@suse.com
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 3 11:30:10 UTC 2016 - ecsos@opensuse.org
|
||||
|
||||
- Update to version 0.99.1
|
||||
- Update to version 0.99.1 (bsc#969814)
|
||||
* hwp5.x: fix for streams without names
|
||||
* libclamav: yara: avoid unaliged access to 64bit variable
|
||||
* patch by Mark Allan to add show-progress option to freshclam.
|
||||
@ -1189,6 +1190,7 @@ Wed Nov 19 14:54:58 UTC 2014 - max@suse.com
|
||||
* Resolution of many of the warning messages from ClamAV
|
||||
compilation.
|
||||
* Improved detection of malicious PE files.
|
||||
(bnc#906770, CVE-2014-9050)
|
||||
* Security fix for ClamAV crash when using 'clamscan -a'.
|
||||
* Security fix for ClamAV crash when scanning maliciously
|
||||
crafted yoda's crypter files (bnc#906077, CVE-2013-6497).
|
||||
|
||||
Loading…
Reference in New Issue
Block a user