Change log for clamav package in Debian
| 1 → 50 of 167 results | First • Previous • Next • Last |
| Published in bullseye-release |
clamav (0.103.10+dfsg-0+deb11u1) bullseye; urgency=medium * Import 0.103.10 -- Sebastian Andrzej Siewior <email address hidden> Sat, 09 Sep 2023 17:25:07 +0200
| Published in bookworm-release |
clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium * Import 1.0.3 * Remove unnecessary warning messages in freshclam during update. -- Sebastian Andrzej Siewior <email address hidden> Sat, 09 Sep 2023 16:36:13 +0200
| Published in sid-release |
clamav (1.0.3+dfsg-2) unstable; urgency=medium * Remove unnecessary warning messages in freshclam during update. -- Sebastian Andrzej Siewior <email address hidden> Sat, 09 Sep 2023 12:49:40 +0200
| Superseded in sid-release |
clamav (1.0.2+dfsg-1) unstable; urgency=medium
* Import 1.0.2 (Closes: #1050057)
- CVE-2023-20197 (Possible DoS in HFS+ file parser).
- CVE-2023-20212 (Possible DoS in AutoIt file parser).
* Use cmake for xml2 detection (Closes: #949100).
* Replace tomsfastmath with OpenSSL's BN.
* Don't enable clamonacc by default (Closes: #1030171).
* Let the clamav-daemon.socket depend on the service file again
(Closes: #1044136).
-- Sebastian Andrzej Siewior <email address hidden> Sat, 19 Aug 2023 19:07:32 +0200
| Superseded in bullseye-release |
clamav (0.103.8+dfsg-0+deb11u1) bullseye; urgency=medium
* Import 0.103.8 (Closes: #1031509)
- CVE-2023-20032 (Possible RCE in the HFS+ file parser).
- CVE-2023-20052 (Possible information leak in the DMG file parser).
-- Sebastian Andrzej Siewior <email address hidden> Fri, 17 Feb 2023 21:43:57 +0100
clamav (1.0.1+dfsg-2) unstable; urgency=medium * Depend on latest libtfm1 (Closes: #1031896, #1027010). -- Sebastian Andrzej Siewior <email address hidden> Sun, 26 Feb 2023 17:39:06 +0100
| Superseded in sid-release |
clamav (1.0.1+dfsg-1) unstable; urgency=medium
* Import 1.0.1 (Closes: #1031509)
- CVE-2023-20032 (Possible RCE in the HFS+ file parser).
- CVE-2023-20052 (Possible information leak in the DMG file parser).
-- Sebastian Andrzej Siewior <email address hidden> Fri, 17 Feb 2023 20:29:05 +0100
| Superseded in sid-release |
clamav (1.0.0+dfsg-6) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
* Add d/p/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch to fix
rpath issues
[ Scott Kitterman ]
* Remove obsolete usr/share/doc/*/NEWS.gz links from debian/*.links, no
longer provided in the package (Thanks to Paul Wise for reporting)
(Closes: #1029173)
* Complete update of d/copyright for upstream file removal/reorganization
* Restore and update clamav-freshclam and libclamav lintian-overrides for
current lintian
* Drop depends on obsolete package lsb-base
-- Scott Kitterman <email address hidden> Sat, 21 Jan 2023 18:02:12 -0500
| Superseded in sid-release |
clamav (1.0.0+dfsg-5) unstable; urgency=medium
[ Scott Kitterman ]
* Update paths in d/tests/clamd for new source layout
* Add misc:Pre-Depends to clamav-daemon and clamav-milter for
init-system-helpers
* Remove obsolete debian/NEWS file
* More lintian override corrections
* Start of removing obsolete d/copyright entries
[ Sebastian Andrzej Siewior ]
* Fix testsuite on big endian architecures.
-- Scott Kitterman <email address hidden> Fri, 06 Jan 2023 12:33:39 -0500
| Superseded in sid-release |
clamav (1.0.0+dfsg-4) unstable; urgency=medium * Drop unneeded build-depends on rust-lldb (Closes: #1027948). -- Scott Kitterman <email address hidden> Wed, 04 Jan 2023 18:32:47 -0500
| Superseded in sid-release |
clamav (1.0.0+dfsg-3) unstable; urgency=medium
* Upload to unstable
* Directly trigger html docs build to fix lack of html docs and update
clamav-docs.install
* Fixup duplicate globs in d/copyright
* Update paths for new source layout in lintian overrides
* Update clean rule for new tests
* Add debian/source/options to ignore changes in Cargo.lock when regenerated
during build
* Remove obsolete overrides from d/rules
-- Scott Kitterman <email address hidden> Wed, 04 Jan 2023 15:06:03 -0500
| Deleted in experimental-release (Reason: None provided.) |
clamav (1.0.0+dfsg-2) experimental; urgency=medium
[ Scott Kitterman ]
* Add libclamav11 replaces libclamav9 since the libfreshclam so name did not
change (Closes: #1027698).
[ Sebastian Andrzej Siewior ]
* Use a version-script and limit the exported symbols of libclamav and
libfreshclam.
-- Sebastian Andrzej Siewior <email address hidden> Mon, 02 Jan 2023 18:38:42 +0100
| Superseded in experimental-release |
clamav (1.0.0+dfsg-1) experimental; urgency=medium * Update to 1.0.0 (Closes: #1006179). -- Sebastian Andrzej Siewior <email address hidden> Sat, 31 Dec 2022 13:44:59 +0100
| Published in buster-release |
clamav (0.103.6+dfsg-0+deb10u1) buster; urgency=medium
* Import 0.103.6
- CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
parser).
- CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
verdict cache check).
- CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
parser).
- CVE-2022-20785 (Possible memory leak in the HTML file parser/
Javascript normalizer).
- CVE-2022-20792 (Possible multi-byte heap buffer overflow write
vulnerability in the signature database load module.
- Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 26 May 2022 10:19:13 +0200
| Superseded in bullseye-release |
clamav (0.103.7+dfsg-0+deb11u1) bullseye; urgency=medium
* Import 0.103.7
- Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Sun, 21 Aug 2022 21:28:52 +0200
| Superseded in sid-release |
clamav (0.103.7+dfsg-1) unstable; urgency=medium
* Import 0.103.7
- Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Sun, 14 Aug 2022 21:33:51 +0200
| Superseded in bullseye-release |
clamav (0.103.6+dfsg-0+deb11u1) bullseye; urgency=medium
* Import 0.103.6
- CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
parser).
- CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
verdict cache check).
- CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
parser).
- CVE-2022-20785 (Possible memory leak in the HTML file parser/
Javascript normalizer).
- CVE-2022-20792 (Possible multi-byte heap buffer overflow write
vulnerability in the signature database load module.
- Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 26 May 2022 10:17:16 +0200
| Superseded in sid-release |
clamav (0.103.6+dfsg-1) unstable; urgency=medium
* Import 0.103.6
- CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
parser).
- CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
verdict cache check).
- CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
parser).
- CVE-2022-20785 (Possible memory leak in the HTML file parser/
Javascript normalizer).
- CVE-2022-20792 (Possible multi-byte heap buffer overflow write
vulnerability in the signature database load module.
- Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Thu, 12 May 2022 18:55:59 +0200
Available diffs
| Superseded in buster-release |
clamav (0.103.5+dfsg-0+deb10u1) buster; urgency=medium * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. -- Sebastian Andrzej Siewior <email address hidden> Thu, 13 Jan 2022 21:51:03 +0100
| Superseded in bullseye-release |
clamav (0.103.5+dfsg-0+deb11u1) bullseye; urgency=medium * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. -- Sebastian Andrzej Siewior <email address hidden> Thu, 13 Jan 2022 21:49:00 +0100
| Superseded in sid-release |
clamav (0.103.5+dfsg-1) unstable; urgency=medium * Import 0.103.5 - CVE-2022-20698 (Fix for invalid pointer read that may cause a crash). - Update symbol file. -- Sebastian Andrzej Siewior <email address hidden> Wed, 12 Jan 2022 21:31:23 +0100
Available diffs
| Superseded in sid-release |
clamav (0.103.4+dfsg-1) unstable; urgency=medium
* Import 0.103.4
- Update symbol file.
* Add clamonacc.8.
* Install clamonacc only on Linux. Patch by Laurent Bigonvill
(Closes: #992776).
* Drop unused libidn11-dev dependency, suggested by Simon Josefsson
(Closes: #991976).
-- Sebastian Andrzej Siewior <email address hidden> Tue, 16 Nov 2021 22:03:15 +0100
Available diffs
| Superseded in buster-release |
clamav (0.103.3+dfsg-0+deb10u1) buster; urgency=medium
* Import 0.103.3
- Update symbol file.
- Regression: clamdscan segfaults with --fdpass --multipass and
ExcludePath (Closes: #988218).
* Remove clamav user on purge (Closes: #987861).
* Remove freshclam.dat on purge.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 04 Sep 2021 15:51:26 +0200
| Superseded in bullseye-release |
clamav (0.103.3+dfsg-0+deb11u1) bullseye; urgency=medium
* Import 0.103.3
- Update symbol file.
- Regression: clamdscan segfaults with --fdpass --multipass and
ExcludePath (Closes: #988218).
* Remove clamav user on purge (Closes: #987861).
* Remove freshclam.dat on purge.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 04 Sep 2021 16:48:13 +0200
| Superseded in sid-release |
clamav (0.103.3+dfsg-1) unstable; urgency=medium
* Import 0.103.2
- Update symbol file.
- Regression: clamdscan segfaults with --fdpass --multipass and
ExcludePath (Closes: #988218).
* Remove clamav user on purge (Closes: #987861).
* Remove freshclam.dat on purge.
-- Sebastian Andrzej Siewior <email address hidden> Fri, 02 Jul 2021 00:06:16 +0200
Available diffs
- diff from 0.103.2+dfsg-2 to 0.103.3+dfsg-1 (20.1 KiB)
| Superseded in buster-release |
clamav (0.103.2+dfsg-0+deb10u1) buster; urgency=medium
[ Sebastian Andrzej Siewior ]
* Import 0.103.2
- CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
- CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
- CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
- Fix testsuite in an IPv6 only environment (Closes: #963853).
- Update symbol file.
- Drop CURL_CA_BUNDLE related patch, changes applied upstream.
(Closes: #986622).
* Rename NEWS.Debian to NEWS.
* Update lintian overrides.
* Update apparmor profile for freshclam. Thanks to Michael Borgelt.
(Closes: #972974)
* Update apparmor profile for clamd. Thanks to Stefano Callegari.
(Closes: #973619).
* Remove deprecated option SafeBrowsing from debconf templates.
[ Helmut Grohne ]
* Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)
-- Sebastian Andrzej Siewior <email address hidden> Wed, 14 Apr 2021 08:38:52 +0200
clamav (0.103.2+dfsg-2) unstable; urgency=medium * Remove deprecated option SafeBrowsing from debconf templates. -- Sebastian Andrzej Siewior <email address hidden> Thu, 15 Apr 2021 21:59:11 +0200
Available diffs
- diff from 0.103.2+dfsg-1 to 0.103.2+dfsg-2 (23.8 KiB)
| Superseded in sid-release |
clamav (0.103.2+dfsg-1) unstable; urgency=medium
* Import 0.103.2
- CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
- CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
- CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
- Update symbol file.
(Closes: #986622).
-- Sebastian Andrzej Siewior <email address hidden> Mon, 12 Apr 2021 21:31:08 +0200
Available diffs
- diff from 0.103.0+dfsg-3.1 to 0.103.2+dfsg-1 (137.9 KiB)
| Superseded in sid-release |
clamav (0.103.0+dfsg-3.1) unstable; urgency=medium
* Non-maintainer upload.
* debian/patches: Apply upstream patch to fix call of ck_assert_msg (Closes:
#980592)
-- Sebastian Ramacher <email address hidden> Sun, 21 Feb 2021 16:00:07 +0100
Available diffs
- diff from 0.103.0+dfsg-3 to 0.103.0+dfsg-3.1 (16.5 KiB)
| Superseded in sid-release |
clamav (0.103.0+dfsg-3) unstable; urgency=medium
* Update apparmor profile for clamd. Thanks to Stefano Callegari.
(Closes: #973619).
-- Sebastian Andrzej Siewior <email address hidden> Tue, 03 Nov 2020 22:03:19 +0100
Available diffs
| Superseded in sid-release |
clamav (0.103.0+dfsg-2) unstable; urgency=medium
* Update apparmor profile for freshclam. Thanks to Michael Borgelt.
(Closes: #972974)
* Fix testsuite in an IPv6 only environment (Closes: #963853).
-- Sebastian Andrzej Siewior <email address hidden> Sun, 01 Nov 2020 20:29:46 +0100
Available diffs
| Superseded in sid-release |
clamav (0.103.0+dfsg-1) unstable; urgency=medium
* Import 0.103.0
- Drop CURL_CA_BUNDLE related patch, changes applied upstream.
- Update symbol file.
* Rename NEWS.Debian to NEWS.
* Update lintian overrides.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 24 Oct 2020 18:05:10 +0200
| Superseded in buster-release |
clamav (0.102.4+dfsg-0+deb10u1) buster; urgency=medium
* Import 0.102.4
- CVE-2020-3350 (A malicious user trick clamav into moving a different file).
- CVE-2020-3327 (A vulnerability in the ARJ archive parsing module).
- CVE-2020-3481 (A vulnerability in the EGG archive module).
* Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 18 Jul 2020 00:22:32 +0200
| Published in stretch-release |
clamav (0.102.3+dfsg-0~deb9u1) stretch; urgency=medium
[ Sebastian Andrzej Siewior ]
* Import 0.102.3
- CVE-2020-3327 (A vulnerability in the ARJ archive parsing module)
- CVE-2020-3341 (A vulnerability in the PDF parsing module)
* Update symbol file.
[ Scott Kitterman ]
* Add Suggests for unversioned libclamunrar package on clamav-daemon and
clamav binaries
-- Sebastian Andrzej Siewior <email address hidden> Sat, 30 May 2020 00:12:26 +0200
| Superseded in sid-release |
clamav (0.102.4+dfsg-1) unstable; urgency=medium
[ Helmut Grohne ]
* Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)
[ Scott Kitterman ]
* Add Suggests for unversioned libclamunrar package on clamav-daemon and
clamav binaries
[ Sebastian Andrzej Siewior ]
* Import 0.102.4
- CVE-2020-3350 (A malicious user trick clamav into moving a different file).
- CVE-2020-3327 (A vulnerability in the ARJ archive parsing module).
- CVE-2020-3481 (A vulnerability in the EGG archive module).
* Update symbol file.
-- Sebastian Andrzej Siewior <email address hidden> Fri, 17 Jul 2020 20:30:03 +0200
Available diffs
- diff from 0.102.3+dfsg-1 to 0.102.4+dfsg-1 (19.4 KiB)
| Superseded in sid-release |
clamav (0.102.3+dfsg-1) unstable; urgency=medium * Import 0.102.3 - CVE-2020-3327 (A vulnerability in the ARJ archive parsing module) - CVE-2020-3341 (A vulnerability in the PDF parsing module) * Update symbol file. -- Sebastian Andrzej Siewior <email address hidden> Sat, 16 May 2020 17:12:04 +0200
Available diffs
| Superseded in buster-release |
clamav (0.102.2+dfsg-0+deb10u1) buster; urgency=medium
* Import 0.102.2
- CVE-2020-3123 (DoS may occur in the optional DLP feature)
(Closes: 950944).
* Update symbol file.
* Set ReceiveTimeout to 0 which is upstream default.
* Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
to set the CA bundle (like curl does) (Closes: #951057).
* Recommend ca-certificates, new freshclash uses https by default.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 22 Feb 2020 14:39:45 +0100
| Superseded in sid-release |
clamav (0.102.2+dfsg-2) unstable; urgency=medium
* Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
to set the CA bundle (like curl does) (Closes: #951057).
* Recommend ca-certificates, new freshclash uses https by default.
* Bump standards-version to 4.5.0 without further change
* Use dh-compat level 12.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 22 Feb 2020 13:41:02 +0100
| Superseded in sid-release |
clamav (0.102.2+dfsg-1) unstable; urgency=medium
* Import 0.102.2
- CVE-2020-3123 (DoS may occur in the optional DLP feature)
(Closes: 950944).
* Update symbol file.
* Set ReceiveTimeout to 0 which is upstream default.
-- Sebastian Andrzej Siewior <email address hidden> Sun, 09 Feb 2020 20:24:46 +0100
| Superseded in stretch-release |
clamav (0.102.1+dfsg-0+deb9u2) stretch; urgency=medium
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
-- Scott Kitterman <email address hidden> Fri, 31 Jan 2020 16:49:37 -0500
| Superseded in buster-release |
clamav (0.102.1+dfsg-0+deb10u2) buster; urgency=medium
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
-- Scott Kitterman <email address hidden> Fri, 31 Jan 2020 16:49:37 -0500
| Superseded in sid-release |
clamav (0.102.1+dfsg-3) unstable; urgency=medium
* clamav-daemon: Do not cause an error on start if /run/clamav already
exists
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
(LP: #1861497)
-- Scott Kitterman <email address hidden> Fri, 31 Jan 2020 16:49:37 -0500
| Superseded in sid-release |
clamav (0.102.1+dfsg-2) unstable; urgency=medium * Add the clamonacc binary to the clamav-daemon package. * Drop ScanOnAccess option. The clamonacc provides this functionality. -- Sebastian Andrzej Siewior <email address hidden> Mon, 23 Dec 2019 20:54:21 +0100
| Superseded in sid-release |
clamav (0.102.1+dfsg-1) unstable; urgency=medium
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
-- Sebastian Andrzej Siewior <email address hidden> Sat, 30 Nov 2019 19:22:15 +0100
| Superseded in stretch-release |
clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium
* Import 0.101.4 (Closes: 921190)
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
-- Sebastian Andrzej Siewior <email address hidden> Sun, 25 Aug 2019 14:08:40 +0200
| Superseded in buster-release |
clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium
* Import 0.101.4
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
-- Sebastian Andrzej Siewior <email address hidden> Sun, 25 Aug 2019 12:53:19 +0200
| Superseded in sid-release |
clamav (0.101.4+dfsg-1) unstable; urgency=medium
* Import 0.101.4
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
-- Sebastian Andrzej Siewior <email address hidden> Sun, 25 Aug 2019 12:38:25 +0200
| Superseded in sid-release |
clamav (0.101.2+dfsg-3) unstable; urgency=medium
* Cherry-pick a fix from 0.101.3 to address a vulnerability to
non-recursive zip bombs.
-- Sebastian Andrzej Siewior <email address hidden> Tue, 06 Aug 2019 21:42:06 +0200
| Superseded in sid-release |
clamav (0.101.2+dfsg-2) unstable; urgency=medium
* Remove python from build-depends:
- Only needed for llvm, which is currently (and probably permanently)
disabled
- Support python2 removal, if this comes back, it will need to be python3
-- Scott Kitterman <email address hidden> Fri, 02 Aug 2019 09:20:43 -0400
| Superseded in stretch-release |
clamav (0.100.3+dfsg-0+deb9u1) stretch; urgency=medium
* New upstream security release
- Fixes for the following vulnerabilities:
- [CVE-2019-1787]:
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.
- [CVE-2019-1789]:
An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.
- [CVE-2019-1788]:
An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.
* Update debian/copyright
* Update private symbols for new upstream release
-- Scott Kitterman <email address hidden> Fri, 29 Mar 2019 19:40:34 -0400
| 1 → 50 of 167 results | First • Previous • Next • Last |
