pool/clamav
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
124 Commits 2 Branches 0 Tags 1.6 MiB
f1110218c2
Commit Graph

4 Commits

Author SHA256 Message Date
Reinhard Max
506c87a397 - Update to version 0.100.0 (bsc#1089502): 
* FIXME: Add upstream changes here before submitting to Factory.
  * Obsoletes clamav-fix_newer_zlib.patch
- Update key ring and add signature file.
- Remove the logic around building the embedded llvm as the
  system-wide llvm is now auto-detected and used.
- Move pc files from the main to the devel package.

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=161
 2018-04-13 15:16:49 +00:00
Reinhard Max
1c2fe924d1 - Update to security release 0.99.4 (bsc#1083915): 
* CVE-2012-6706
  * CVE-2017-6419
  * CVE-2017-11423
  * CVE-2018-1000085 (bsc#1082858)
  * CVE-2018-0202
- Obsolete patches:
  * clamav-CVE-2012-6706.patch
  * clamav-gcc47.patch

OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=159
 2018-03-07 13:46:42 +00:00
Marcus Meissner
06d9b1e3a6 Accepting request 569976 from home:vitezslav_cizek:branches:security 
- Update to security release 0.99.3 (bsc#1077732)
  * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
  * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
  * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      or potentially execute arbitrary code on an affected device.
  * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
  * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
  * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
  * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition on an affected device.
  * CVE-2017-6420 (bsc#1052448)
    - this vulnerability allowed remote attackers to cause a denial of service
      (use-after-free) via a crafted PE file with WWPack compression.
  * CVE-2017-6419 (bsc#1052449)
    - ClamAV allowed remote attackers to cause a denial of service
      (heap-based buffer overflow and application crash) or possibly
      have unspecified other impact via a crafted CHM file.
  * CVE-2017-11423 (bsc#1049423)
    - The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha
      allowed remote attackers to cause a denial of service
      (stack-based buffer over-read and application crash) via a crafted CAB file.
  * CVE-2017-6418 (bsc#1052466)
    - ClamAV 0.99.2 allowed remote attackers to cause a denial
      of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream)

OBS-URL: https://build.opensuse.org/request/show/569976
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=151
 2018-01-26 16:21:11 +00:00
Marcus Meissner
a52ab80012 Accepting request 439481 from home:faweiss:branches:security 
OBS-URL: https://build.opensuse.org/request/show/439481
OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=140
 2016-11-10 22:34:49 +00:00