From b5b97e006ab9182f94309b018382eb7d5f2a123c25b26e3c5e1b82857bf3120a Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Fri, 29 Mar 2019 12:01:14 +0000 Subject: [PATCH] * CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. * CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. * CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. * Add missing headers to fix build of packages against libclamav. OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=184 --- clamav.changes | 12 +++++++++++- clamav.spec | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/clamav.changes b/clamav.changes index 2c4d79a..99e11a8 100644 --- a/clamav.changes +++ b/clamav.changes @@ -15,6 +15,16 @@ Wed Mar 27 17:30:05 UTC 2019 - Andrey Karepin such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. + * CVE-2019-1786: + An out-of-bounds heap read condition may occur when scanning malformed + PDF documents as a result of improper bounds-checking. + * CVE-2019-1785: + A path-traversal write condition may occur as a result of improper + input validation when scanning RAR archives. + * CVE-2019-1798: + A use-after-free condition may occur as a result of improper error + handling when scanning nested RAR archives. + - added clamav-max_patch.patch to fix build - dropped clamav-freshclam-exit.patch 
@@ -22,7 +32,7 @@ Wed Mar 27 17:30:05 UTC 2019 - Andrey Karepin Mon Jan 21 17:30:15 UTC 2019 - Reinhard Max - Update to version 0.101.1: - * more details will be added later + * Add missing headers to fix build of packages against libclamav. - Add missing include for str.h to libclamav/others_common.c (clamav-str-h.patch) diff --git a/clamav.spec b/clamav.spec index 590e074..4c1f202 100644 --- a/clamav.spec +++ b/clamav.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ #
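Review bot: In the first clamav.changes hunk (@@ -15,6 +15,16 @@), the three CVE bullets are appended to the existing entry dated Wed Mar 27 and signed by Andrey Karepin, while this commit is by Reinhard Max and dated 29 Mar 2019. If that entry has already been submitted, put the bullets in a new dated entry so the changelog history shows when the CVE information was added. Each bullet also carries only the CVE id; adding the tracking bug reference next to each id would make the fixes traceable from the changelog.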
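Review bot: In the second clamav.changes hunk (@@ -22,7 +32,7 @@), the new bullet "Add missing headers to fix build of packages against libclamav." sits directly above the unchanged line "Add missing include for str.h to libclamav/others_common.c (clamav-str-h.patch)" and reads like the same change. State that the bullet describes what the 0.101.1 update itself contains, or reword one of the two lines, so it is clear which fix comes from the version update and which from the package's own patch.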
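Review bot: The clamav.spec hunk only switches the bug-report URL in the header comment from http to https, and the commit message does not mention it. The change is harmless, but it is unrelated to the CVE changelog text; either note it in the message or split it into its own commit so the security-relevant change stays easy to audit.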