* [CVE-2024-20506, bsc#1230162]: Changed the logging module to
disable following symlinks on Linux and Unix systems so as to
prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system
files.
* [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds
read bug in the PDF file parser that could cause a
denial-of-service (DoS) condition.
* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed.
For context, image fuzzy hashing is a detection mechanism
useful for identifying malware by matching images included with
the malware or phishing email/document.
* https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=264
- New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
- Remove upstreamed 1305.patch
OBS-URL: https://build.opensuse.org/request/show/1198813
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=263
