- Version 0.98.7 fixes several security issues (bsc#929192) and

other bug fixes/improvements:
  * Fix crash in upx decoder with crafted file. Discovered and
    patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
  * Fix infinite loop condition on crafted y0da cryptor
    file. Identified and patch suggested by Sebastian Andrzej
    Siewior. CVE-2015-2221.
  * Fix crash on crafted petite packed file. Reported and patch
    supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
  * Fix an infinite loop condition on a crafted "xz" archive file.
    This was reported by Dimitri Kirchner and Goulven Guiheux.
    CVE-2015-2668.
  * Apply upstream patch for possible heap overflow in Henry
    Spencer's regex library. CVE-2015-2305.
  * Fix false negatives on files within iso9660 containers. This
    issue was reported by Minzhuan Gong.
  * Fix a couple crashes on crafted upack packed file. Identified
    and patches supplied by Sebastian Andrzej Siewior.
  * Fix a crash during algorithmic detection on crafted PE file.
    Identified and patch supplied by Sebastian Andrzej Siewior.
  * Fix compilation error after ./configure --disable-pthreads.
    Reported and fix suggested by John E. Krokes.
  * Fix segfault scanning certain HTML files. Reported with sample
    by Kai Risku.
  * Improve detections within xar/pkg files.
  * Improvements to PDF processing: decryption, escape sequence
    handling, and file property collection.
  * Scanning/analysis of additional Microsoft Office 2003 XML
    format.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=117

clamav-0.98.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6591245d55445a2ddcc1700964c33b8bf62fe20c75bd9c7746f4fe0735502951
-size 15148292

clamav-0.98.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:282417b707740de13cd8f18d4cbca9ddd181cf96b444db2cad98913a5153e272
+size 15118851

clamav.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Mon May  4 13:39:49 UTC 2015 - max@suse.com
+
+- Version 0.98.7 fixes several security issues (bsc#929192) and
+  other bug fixes/improvements:
+  * Fix crash in upx decoder with crafted file. Discovered and
+    patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
+  * Fix infinite loop condition on crafted y0da cryptor
+    file. Identified and patch suggested by Sebastian Andrzej
+    Siewior. CVE-2015-2221.
+  * Fix crash on crafted petite packed file. Reported and patch
+    supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
+  * Fix an infinite loop condition on a crafted "xz" archive file.
+    This was reported by Dimitri Kirchner and Goulven Guiheux.
+    CVE-2015-2668.
+  * Apply upstream patch for possible heap overflow in Henry
+    Spencer's regex library. CVE-2015-2305.
+  * Fix false negatives on files within iso9660 containers. This
+    issue was reported by Minzhuan Gong.
+  * Fix a couple crashes on crafted upack packed file. Identified
+    and patches supplied by Sebastian Andrzej Siewior.
+  * Fix a crash during algorithmic detection on crafted PE file.
+    Identified and patch supplied by Sebastian Andrzej Siewior.
+  * Fix compilation error after ./configure --disable-pthreads.
+    Reported and fix suggested by John E. Krokes.
+  * Fix segfault scanning certain HTML files. Reported with sample
+    by Kai Risku.
+  * Improve detections within xar/pkg files.
+  * Improvements to PDF processing: decryption, escape sequence
+    handling, and file property collection.
+  * Scanning/analysis of additional Microsoft Office 2003 XML
+    format.
+
 -------------------------------------------------------------------
 Thu Feb  5 10:29:02 UTC 2015 - max@suse.com
 

clamav.spec

@@ -48,7 +48,7 @@ BuildRequires:  bzip2
 Summary:        Antivirus Toolkit
 License:        GPL-2.0
 Group:          Productivity/Security
-Version:        0.98.6
+Version:        0.98.7
 Release:        0
 Url:            http://www.clamav.net
 Requires:       latex2html-pngicons