-
clamav (0.92.1~dfsg2-1.1~feisty3.1) feisty-security; urgency=low
* SECURITY UPDATE: fix possible DoS due to invalid memory access
* Updated 27_petite.c.dpatch (LP: #249316)
- libclamav/petite.c: fix one more spot
* References
CVE-2008-2713
Debian Bug #490925
-- Michael Casadevall <email address hidden> Thu, 17 Jul 2008 06:03:13 +0000
-
clamav (0.92.1~dfsg2-1.1~feisty3) feisty-security; urgency=low
* SECURITY UPDATE: fix possible invalid memory access
* added 27_petite.c.dpatch: (LP: #238575)
- libclamav/petite.c: fix possible invalid memory access
* References
CVE-2008-2713
-- Leonel Nunez <email address hidden> Mon, 9 Jun 2008 13:07:42 -0600
-
clamav (0.92.1~dfsg2-1.1~feisty2) feisty-security; urgency=low
* no change rebuild for -security
-- Jamie Strandboge <email address hidden> Mon, 02 Jun 2008 13:50:40 -0400
-
clamav (0.92.1~dfsg2-1.1~feisty1) feisty-backports; urgency=low
* Automated backport upload; no source changes.
clamav (0.92.1~dfsg2-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* This update addresses the following security issue:
- CVE-2008-1833: heap-based buffer overflow allows remote
attackers to execute arbitrary code via a crafted WWPack compressed
PE binary (Closes: #476694).
clamav (0.92.1~dfsg2-1) unstable; urgency=high
* libclamav/pe.c: possible integer overflow in wwpack
* [CVE-2008-1100]: libclamav/pe.c: possible integer overflow in upack
* [CVE-2008-1387]: libclamav/spin.c: possible integer overflow
* libclamav/unarj.c: DoS in unarj
clamav (0.92.1~dfsg2-0.1) unstable; urgency=low
* Non-maintainer upload.
* Remove non-free unrar files and repack orig.tar.gz (Closes: #470073)
clamav (0.92.1~dfsg-1) unstable; urgency=low
* New upstream bugfix release
- [2007-6595]: libclamav/others.c: symlink vulnerability
cli_gentempfd now calls open with O_EXCL (closes: #458532)
- [CVE-2008-0318]: libclamav/pe.c: possible integer overflow
- libclamav/mew.c: possible heap corruption
* Add a note to NEWS.Debian about unrar support being dropped
(closes: #465203)
* clamav-milter: off-by-one programming error in pingServer
(closes: #458204)
* Copyright now complete (thanks Scott Kitterman <email address hidden>)
(closes: #456770)
* Attempt to work around clamav-milter not bothering to check if another
instance is running on startup (reported as LP bug 179169)
clamav (0.92~dfsg-3) unstable; urgency=low
* Copyright clarifications (closes: #456770) (thanks
Scott Kitterman <email address hidden>)
clamav (0.92~dfsg-2) unstable; urgency=low
* Drop obsolete option NodalCoreAcceleration (closes: #457051)
clamav (0.92~dfsg-1) unstable; urgency=medium
* New upstream version
- urgency medium due to 3 CVEs:
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-1 error in LZX_READ_HUFFSYM
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: bzlib issue
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
- would be urgency=high, except we have soname transition
- new package libclamav3 thanks to that
- Memory optimizations in trie building (closes: #420391)
- Don't create circular lists when two version of the same database are
loaded (closes: #454052)
- sigtool prints name of file being processed (closes: #414246)
- now displays message number during mbox scans with debug enabled
(closes: #452543)
- clamav-milter now accepts HUP to reopen logfile (closes: #414993)
* Packaging changes:
* Check that directories shipped in the .deb exist before chowning them.
This is apparently an unreported problem for some Ubuntu users
* Patches:
- remove 25_wrong_shebang.dpatch (merged upstream)
- add 25_skip_sendmail.cf.dpatch (closes: #312575)
* Translations:
- fr (closes: #454128)(thanks Christian Perrier <email address hidden>)
* Handle new option LogTime for freshclam
* Move clamav-docs to section 'doc'
* Catch all cases where the init script is called from freshclam's postinst
and make sure invoke-rc.d is used if available
* Freshen patches
clamav (0.91.2-4) unstable; urgency=low
* i18n rework (closes: #444801)
* New translations:
- cs (closes: #446786)(thanks Miroslav Kure <email address hidden>)
- de (closes: #447489)(thanks Helge Kreutzmann <email address hidden>)
- es (closes: #445605)(thanks Javier Fernández-Sanguino Peña <email address hidden>)
- fi (closes: #447000)(thanks Esko Arajärvi <email address hidden>)
- gl (closes: #446473)(thanks Jacobo Tarrio <email address hidden>)
- it (closes: #445348)(thanks Cristian Rigamonti <email address hidden>)
- ja (closes: #446208)(thanks Kenshi Muto <email address hidden>)
- pt (closes: #447291)(thanks Ricardo Silva <email address hidden>)
- pt_BR (closes: #446940)(thanks Felipe Augusto van de Wiel (faw)
<email address hidden>)
- ru (closes: #447356)(thanks Yuri Kozlov <email address hidden>)
- vi (closes: #446898)(thanks Clytie Siddall <email address hidden>)
* Get rid of some unused debconf notes
* Update NEWS.Debian retroactively to quiet lintian
* Add Build-Dep on po-debconf and call debconf-updatepo in clean target
* Better watch file (closes: #449622) (thanks Raphael Geissert
<email address hidden>)
* Better integration between postfix and clamav-milter (closes: #446404)
-- Scott Kitterman <email address hidden> Tue, 29 Apr 2008 14:10:40 +0100
-
clamav (0.92~dfsg-2~feisty1) feisty-backports; urgency=low
* Automated backport upload; no source changes.
clamav (0.92~dfsg-2) unstable; urgency=low
* Drop obsolete option NodalCoreAcceleration (closes: #457051)
clamav (0.92~dfsg-1) unstable; urgency=medium
* New upstream version
- urgency medium due to 3 CVEs:
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-1 error in LZX_READ_HUFFSYM
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: bzlib issue
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
- would be urgency=high, except we have soname transition
- new package libclamav3 thanks to that
- Memory optimizations in trie building (closes: #420391)
- Don't create circular lists when two version of the same database are
loaded (closes: #454052)
- sigtool prints name of file being processed (closes: #414246)
- now displays message number during mbox scans with debug enabled
(closes: #452543)
- clamav-milter now accepts HUP to reopen logfile (closes: #414993)
* Packaging changes:
* Check that directories shipped in the .deb exist before chowning them.
This is apparently an unreported problem for some Ubuntu users
* Patches:
- remove 25_wrong_shebang.dpatch (merged upstream)
- add 25_skip_sendmail.cf.dpatch (closes: #312575)
* Translations:
- fr (closes: #454128)(thanks Christian Perrier <email address hidden>)
* Handle new option LogTime for freshclam
* Move clamav-docs to section 'doc'
* Catch all cases where the init script is called from freshclam's postinst
and make sure invoke-rc.d is used if available
* Freshen patches
clamav (0.91.2-4) unstable; urgency=low
* i18n rework (closes: #444801)
* New translations:
- cs (closes: #446786)(thanks Miroslav Kure <email address hidden>)
- de (closes: #447489)(thanks Helge Kreutzmann <email address hidden>)
- es (closes: #445605)(thanks Javier Fernández-Sanguino Peña <email address hidden>)
- fi (closes: #447000)(thanks Esko Arajärvi <email address hidden>)
- gl (closes: #446473)(thanks Jacobo Tarrio <email address hidden>)
- it (closes: #445348)(thanks Cristian Rigamonti <email address hidden>)
- ja (closes: #446208)(thanks Kenshi Muto <email address hidden>)
- pt (closes: #447291)(thanks Ricardo Silva <email address hidden>)
- pt_BR (closes: #446940)(thanks Felipe Augusto van de Wiel (faw)
<email address hidden>)
- ru (closes: #447356)(thanks Yuri Kozlov <email address hidden>)
- vi (closes: #446898)(thanks Clytie Siddall <email address hidden>)
* Get rid of some unused debconf notes
* Update NEWS.Debian retroactively to quiet lintian
* Add Build-Dep on po-debconf and call debconf-updatepo in clean target
* Better watch file (closes: #449622) (thanks Raphael Geissert
<email address hidden>)
* Better integration between postfix and clamav-milter (closes: #446404)
-- SpecialK <email address hidden> Fri, 4 Jan 2008 11:25:36 +0000
-
clamav (0.91.2-3ubuntu2.3~feisty1) feisty-backports; urgency=low
* Source backport for gutsy-security update (LP: #191637)
- Remove un-needed build-dep on libcurl4-gnutls-dev and dependency on
libcurl3-gnutls
-- Scott Kitterman <email address hidden> Wed, 13 Feb 2008 13:37:56 -0500
-
clamav (0.91.2-3ubuntu2.2~feisty1) feisty-backports; urgency=low
* Source backport to remove unneeded build-dep not available in Feisty
(LP: #181830)
- Remove build-dep on libcurl4-gnutls-dev and dependency on libcurl3-gnutls
-- Scott Kitterman <email address hidden> Fri, 11 Jan 2008 00:17:01 -0500
-
clamav (0.91.2-3ubuntu2.1~feisty2) feisty-backports; urgency=low
* Source backport to remove unneeded build-dep not available in Feisty
(LP: #180466)
- Remove build-dep on libcurl4-gnutls-dev and dependency on libcurl3-gnutls
-- Scott Kitterman <email address hidden> Fri, 04 Jan 2008 20:39:23 -0500
-
clamav (0.91.2-3ubuntu2.1~feisty1) feisty-backports; urgency=low
* Automated backport upload; no source changes.
clamav (0.91.2-3ubuntu2.1) gutsy-security; urgency=low
* SECURITY UPDATE: Remote code execution
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-one error in LZX_READ_HUFFSYM
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
clamav (0.91.2-3ubuntu2) gutsy; urgency=low
* Correct Postfix socket location for clamav-milter in
debian/clamav-milter.default (LP: #151850)
clamav (0.91.2-3ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Update debian/watch so it works
- Add libcurl3-gnutls depends for clamav-freshclam, clamav-milter,
clamav-daemon
- In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
- Add an explicit Build-Depends on libcurl4-gnutls-dev.
clamav (0.91.2-3) unstable; urgency=low
* Remove spurious dependency on libcurl3-dev from libclamav-dev
(closes: #440771)
clamav (0.91.2-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable (LP: #135846). Remaining Ubuntu changes:
- Update debian/watch so it works
- Add libcurl3-gnutls depends for clamav-freshclam, clamav-milter,
clamav-daemon
- In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
* Add an explicit Build-Depends on libcurl4-gnutls-dev (was libcurl-dev).
* Change Build-Depends in libclamav-dev to libcurl4-gnutls-dev
(was libcurl3-dev).
clamav (0.91.2-2) unstable; urgency=low
* Use the correct variable for $user (closes: #439253)
* Guard against unset $DatabaseDirectory (closes: #439913)
* Make it easier to use clamav-milter with postfix (closes: #434995)
* Fix shebang paths in contrib directories (closes: #439352)
* Quiet clamav-milter startup (closes: #438454)
clamav (0.91.2-1) unstable; urgency=low
* New upstream version
- fix call to tolower() which led to a crash in libclamav
- fix possible NULL dereference, e.g. when parsing email with RFC2397
URI
- fix floating point exception when using ScanOLE2
- fix possible NULL dereference in rtf.c
clamav (0.91.2-0ubuntu1) gutsy; urgency=low
* New upstream release
- Update debian/postinst.in to deal with new DetectPUA feature.
* Update debian/watch so it works
clamav (0.91.1-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Add libcurl3 depends for clamav-freshclam, clamav-milter, clamav-daemon
- In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.91.1-2) unstable; urgency=low
* Move database files to -base package (closes: #434505)
* Use right config option to determine freshclam's uid (closes: #436204)
* Freshclam ignore.d.server update for cdiff downloads (closes: #435199)
clamav (0.91.1-1ubuntu3) gutsy; urgency=low
* Add libcurl3 depends for clamav-freshclam, clamav-milter, clamav-daemon
- Upstream README that claim libcurl dependency was removed is wrong.
clamav (0.91.1-1ubuntu2) gutsy; urgency=low
* In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist (LP: #117932)
clamav (0.91.1-1ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.91.1-1) unstable; urgency=low
* New upstream version
* Patches:
- drop 25_phishcheck-crash.dpatch (upstream)
clamav (0.91.1-0ubuntu1) gutsy; urgency=low
* New upstream release
clamav (0.91-2) unstable; urgency=low
* Pull 25_phishcheck-crash.dpatch from upstream svn to fix a possible crash
in phishcheck.c
* Handle new Phish* options (no longer experimental code)
clamav (0.91-1) unstable; urgency=low
* New upstream version (closes: #432857)
* Fixes long database load time (closes: #423879, #427154, #428675, #432334)
* [CVE-2007-3725] DoS in unrarvm.c
- This should make this urgency=high, but I am nervous about some changes
in clamav.h. After discussion with the Release Wizard, I am not going
to bump the soname unilaterally, but I am going to delay the migration
to testing to catch any problems.
* Patch rework:
- freshen 02_milter_sendmail_version_patch
- freshen 03_etc_files_patch
- 20_clamscan-manpage-update.dpatch obsoleted
- freshen 24_nullmailer_ftbfs.dpatch
clamav (0.91-0ubuntu1) gutsy; urgency=low
* New upstream release
- Freshen 02_milter_sendmail_version_patch
- Freshen 03_etc_files_patch
- Freshen 20_clamscan-manpage-update.dpatch
clamav (0.90.3-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.3-2) unstable; urgency=low
* Fix newaliases test to not fail when newaliases isn't present
(closes: #431990)
* Quiet freshclam warnings when run from cron (closes: #427420)
clamav (0.90.3-1ubuntu3) gutsy; urgency=low
* Rebuild for the libcurl transition mess.
clamav (0.90.3-1ubuntu2) gutsy; urgency=low
* Stop clamav-base postinst from bailing out when which newaliases
doesn't return anything (fix from Soren Hansen) (LP: #39853)
clamav (0.90.3-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.3-1) unstable; urgency=low
* New upstream version
- Fixes segfault in segfault handler (closes: #420593)
- Fixes slow load times seen in earlier 09.x versions
(closes: #425796, #425661)
* Stop using killproc for reloading logs, at least until it stops removing
pidfiles out from under us (closes: #424618)
clamav (0.90.2-4ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.2-4) unstable; urgency=low
* Make sure su gets a shell (closes: #424772)
* Correct previous chown/chmod breakage (closes: #424758)
clamav (0.90.2-3) unstable; urgency=low
* freshclam.postinst: s/chown/chmod/. Argg. (closes: #424128)
clamav (0.90.2-2) unstable; urgency=low
* clamav-milter pid recognition fixup (closes: #419983)
* clamav-freshclam doesn't need to copy in full databases if .inc directory
is present (closes: #420024)
* The init scripts now su to $User before starting the daemons
(closes: #413624)
* Oh, fine. Remove your /var/run on every reboot for no good reason
(closes: #406576)
* chown 0755 the .inc directories. This is a hack to workaround a temporary
bug that is now fixed upstream, and we can drop this soon (hopefully)
(closes: #417985)
* Update Build-Dependncies to also use libcurl-dev (closes: #423623)
clamav (0.90.2-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.2-1) unstable; urgency=low
* New upstream version
- Fixes reconnect issue in non-block-connect (closes: #418935)
- Fixes a segfault in pdf scanning (closes: #418849)
* Update description to reflect new features in 0.9x (closes: #414884)
* Translation:
- Ru (thanks Yuriy Talakan <email address hidden>)(closes: #416342)
* Logcheck rule update for freshclam
(thanks Jefferson Cowart <email address hidden>) (closes: #415073)
-- SpecialK <email address hidden> Fri, 4 Jan 2008 15:41:42 +0000
-
clamav (0.91.2-3ubuntu2~feisty1) feisty-backports; urgency=low
* Backport to feisty: libcurl4-gnutls-dev -> libcurl3-gnutls-dev
-- LaMont Jones <email address hidden> Tue, 16 Oct 2007 17:29:43 -0600
-
clamav (0.91.1-1ubuntu3~feisty1) feisty-backports; urgency=low
* Automated backport upload; no source changes.
clamav (0.91.1-1ubuntu3) gutsy; urgency=low
* Add libcurl3 depends for clamav-freshclam, clamav-milter, clamav-daemon
- Upstream README that claim libcurl dependency was removed is wrong.
clamav (0.91.1-1ubuntu2) gutsy; urgency=low
* In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist (LP: #117932)
clamav (0.91.1-1ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.91.1-1) unstable; urgency=low
* New upstream version
* Patches:
- drop 25_phishcheck-crash.dpatch (upstream)
clamav (0.91.1-0ubuntu1) gutsy; urgency=low
* New upstream release
clamav (0.91-2) unstable; urgency=low
* Pull 25_phishcheck-crash.dpatch from upstream svn to fix a possible crash
in phishcheck.c
* Handle new Phish* options (no longer experimental code)
clamav (0.91-1) unstable; urgency=low
* New upstream version (closes: #432857)
* Fixes long database load time (closes: #423879, #427154, #428675, #432334)
* [CVE-2007-3725] DoS in unrarvm.c
- This should make this urgency=high, but I am nervous about some changes
in clamav.h. After discussion with the Release Wizard, I am not going
to bump the soname unilaterally, but I am going to delay the migration
to testing to catch any problems.
* Patch rework:
- freshen 02_milter_sendmail_version_patch
- freshen 03_etc_files_patch
- 20_clamscan-manpage-update.dpatch obsoleted
- freshen 24_nullmailer_ftbfs.dpatch
clamav (0.91-0ubuntu1) gutsy; urgency=low
* New upstream release
- Freshen 02_milter_sendmail_version_patch
- Freshen 03_etc_files_patch
- Freshen 20_clamscan-manpage-update.dpatch
clamav (0.90.3-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.3-2) unstable; urgency=low
* Fix newaliases test to not fail when newaliases isn't present
(closes: #431990)
* Quiet freshclam warnings when run from cron (closes: #427420)
clamav (0.90.3-1ubuntu3) gutsy; urgency=low
* Rebuild for the libcurl transition mess.
clamav (0.90.3-1ubuntu2) gutsy; urgency=low
* Stop clamav-base postinst from bailing out when which newaliases
doesn't return anything (fix from Soren Hansen) (LP: #39853)
clamav (0.90.3-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.3-1) unstable; urgency=low
* New upstream version
- Fixes segfault in segfault handler (closes: #420593)
- Fixes slow load times seen in earlier 09.x versions
(closes: #425796, #425661)
* Stop using killproc for reloading logs, at least until it stops removing
pidfiles out from under us (closes: #424618)
clamav (0.90.2-4ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.2-4) unstable; urgency=low
* Make sure su gets a shell (closes: #424772)
* Correct previous chown/chmod breakage (closes: #424758)
clamav (0.90.2-3) unstable; urgency=low
* freshclam.postinst: s/chown/chmod/. Argg. (closes: #424128)
clamav (0.90.2-2) unstable; urgency=low
* clamav-milter pid recognition fixup (closes: #419983)
* clamav-freshclam doesn't need to copy in full databases if .inc directory
is present (closes: #420024)
* The init scripts now su to $User before starting the daemons
(closes: #413624)
* Oh, fine. Remove your /var/run on every reboot for no good reason
(closes: #406576)
* chown 0755 the .inc directories. This is a hack to workaround a temporary
bug that is now fixed upstream, and we can drop this soon (hopefully)
(closes: #417985)
* Update Build-Dependncies to also use libcurl-dev (closes: #423623)
clamav (0.90.2-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.2-1) unstable; urgency=low
* New upstream version
- Fixes reconnect issue in non-block-connect (closes: #418935)
- Fixes a segfault in pdf scanning (closes: #418849)
* Update description to reflect new features in 0.9x (closes: #414884)
* Translation:
- Ru (thanks Yuriy Talakan <email address hidden>)(closes: #416342)
* Logcheck rule update for freshclam
(thanks Jefferson Cowart <email address hidden>) (closes: #415073)
-- Scott Kitterman <email address hidden> Thu, 2 Aug 2007 17:59:40 +0100
-
clamav (0.90.2-0ubuntu1.7) feisty-security; urgency=low
* SECURITY UPDATE: Possible heap corruption
* Added 60_cve-2008-0728.dpatch
* References: CVE-2008-0728 ( LP: #213500 )
-- Leonel Nunez <email address hidden> Tue, 8 Apr 2008 03:01:56 -0600
-
clamav (0.90.2-0ubuntu1.6) feisty-security; urgency=low
* Security UPDATE: (LP: #191150)
libclamav/pe.c: possible integer overflow
libclamav/others.c: tempfile symlink vulnerability
Thanks to Stephen Gran <email address hidden> for the patches
* References
CVE-2008-0318
CVE-2007-6595
-- Scott Kitterman <email address hidden> Mon, 11 Feb 2008 23:03:18 -0500
-
clamav (0.90.2-0ubuntu1.5) feisty-security; urgency=low
* Security UPDATE: Remode code execution
libclamav/mspack.c: Off-by-one error in LZX_READ_HUFFSYM
libclamav/pe.c: MEW PE File Integer Overflow
* References
CVE-2007-6335
CVE-2007-6336
-- Leonel Nunez <email address hidden> Wed, 19 Dec 2007 22:16:49 +0000
-
clamav (0.90.2-0ubuntu1.4) feisty-security; urgency=low
* SECURITY UPDATE: Remote DoS and Remote code execution (LP: #141073).
* Added 56_cve-2007-4510.dpatch: libclamav/rfc.c, libclamav/htmlnorm.c:
fix DoS in RTF and RFC2397 Parsers.
* Added 57_cve-2007-4560.dpatch: clamav-milter/clamav-milter.c: fix remote
command execution.
* References
CVE-2007-4510
CVE-2005-4560
-- Leonel Nunez <email address hidden> Wed, 19 Sep 2007 18:51:01 -0600
-
clamav (0.90.2-0ubuntu1.3) feisty-security; urgency=low
* SECURITY UPDATE: Remote DoS in RAR Files
* Added 55_cve-2007-3725.dpatch: backported upstream fix (LP: #126471).
* References
CVE-2007-3725
-- Leonel Nunez <email address hidden> Mon, 16 Jul 2007 21:23:43 -0600
-
clamav (0.90.2-0ubuntu1.2) feisty-security; urgency=low
* SECURITY UPDATE: Remote attack in RAR files and Insecure Temporary
file creation
* Added 51_cve-2007-3023.dpatch, 52_cve-2007-3024.dpatch
* Added 53_cve-2007-3122.dpatch, 54_cve-2007-3123.dpatch
* References
CVE-2007-3123
CVE-2007-3122
CVE-2007-3024
CVE-2007-3023
-- Leonel Nunez <email address hidden> Fri, 8 Jun 2007 12:48:11 -0600
-
clamav (0.90.2-0ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: Remote attack in PDF handler and OLE2 Parser
* Added 50_pdf-ole-bugfix.patch.dpatch extracted from upstream fixes.
* References
CVE-2007-2650
CVE-2007-2029
-- Leonel Nunez <email address hidden> Thu, 31 May 2007 16:43:39 -0600
-
clamav (0.90.2-0ubuntu1) feisty; urgency=low
* New upstream release not in Debian yet.
- Current patchset still applies
* No /debian changes.
* UVF Exception granted (LP: #106357)
- Upstream is disabling virus definition support for 0.90.0/1 will
be disabled starting on April 16 2007.
-- Scott Kitterman <email address hidden> Sat, 14 Apr 2007 05:24:09 -0400
-
clamav (0.90.1-1ubuntu2) feisty; urgency=low
* Change clamav-freshclam.init.in to specify pidfile when starting.
- Fixes LP: #85573
-- Scott Kitterman <email address hidden> Sat, 31 Mar 2007 16:06:16 -0400
-
clamav (0.90.1-1ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
- debian/control: Maintainers updated for Ubuntu.
* UVF exception: LP: #89208
clamav (0.90.1-1) unstable; urgency=low
* New upstream version.
- many memory leaks fixed.
- soname version increase now upstream
* Patches:
- freshen 02_milter_sendmail_version_patch
- freshen 20_clamscan-manpage-update.dpatch
- freshen 24_nullmailer_ftbfs.dpatch
- remove 25_soname_bump.dpatch (merged upstream)
- remove 26_isspace_fix_segv.dpatch (merged upstream)
* Another NotifyClamd fix: guard against it being accidentally set to 'true'
on upgrade (closes: #411095)
* Document use of a TCP socket with clamav-milter in README.Debian
* Remove obsolete --mbox switch from clampipe
* add --enable-dns-fix to ./configure (closes: #411921)
* Remove spurious Conflicts/Provides libclamav (this results in attempting
to remove libclamav1, which is not what we want).
* Remove Provides libclamav1-dev from the -dev package.
* Better /etc/init.d/ stop handling (closes: #411373, #411448)
-- Michael Bienia <email address hidden> Mon, 5 Mar 2007 12:59:32 +0100
-
clamav (0.90-1ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
- debian/control: Maintainers updated for Ubuntu.
clamav (0.90-1) unstable; urgency=medium
* New upstream version (closes: #410966)
* Patch rework:
- freshen 02_milter_sendmail_version_patch
- remove 05_freshclam_manpage.dpatch (obsoleted upstream)
- freshen 19_freshclam-manpage-info.dpatch
- freshen 20_clamscan-manpage-update.dpatch
- freshen 24_nullmailer_ftbfs.dpatch
- add 25_soname_bump
- add 26_isspace_fix_segv.dpatch to address segv in entity normalization
(taken from upstream CVS)
* New freshclam option: ScriptedUpdates
* Add manpage for clamconf
* soname bump and library package rename due to dropped functions
* Security issues addressed in this release:
- [CVE-2007-0897] CAB File Denial of Service Vulnerability
- [CVE-2007-0898] MIME Parsing Directory Traversal Vulnerability
- [CVE-2007-0899] Possible heap overflow in libclamav/fsg.c
-- Kees Cook <email address hidden> Tue, 20 Feb 2007 10:33:44 -0800
-
clamav (0.90~rc3-1ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
clamav (0.90~rc3-1) unstable; urgency=low
* New upstream version
- New config options:
MailMaxRecursion
PhishingSignatures
* Add clamconf to clamav-daemon package
* New translations:
- gl (closes: #407281)
* patch rework:
- Remove 10_base64.dpatch (merged upstream)
- Remove 22_libtoolize.dpatch (merged upstream: w0000t)
- Remove 26_implicit_functions.dpatch (merged upstream)
- Remove 25_kfreebsd.dpatch (merged upstream)
- Freshen 20_clamscan-manpage-update.dpatch
- Freshen 24_nullmailer_ftbfs.dpatch
clamav (0.90~rc2-2) experimental; urgency=low
* CVE's unavailable at previous upload time fixed in -1:
CVE-2006-6481
CVE-2006-6406
* NotifyClamd option handling was wrong for freshclam (closes: #403265)
* Fix Foreground parsing bug in clamav-milter.init
* Document postfix useage for clamav-milter, and include upstream INSTALL
file which has more information (closes: #392224)
* patches rework: libtoolizing is now a dpatch, to reduce patch size between
releases in the future
* New translation:
- es.po (closes: #402668)
clamav (0.90~rc2-1) experimental; urgency=low
* New upstream version
- Can now disable options one by one (closes: #316330)
- Fixes recursion based DoS (closes: #401874)
* Patches:
- Freshen all
- Delete obsoleted ones
- 10_base64.dpatch added for MIME bypass (closes: #401873)
* New config file format dealt with in postinst
* Freshclam now takes a PidFile argument - we don't need s-s-d to handle it
* debian/rules check to make sure all config options are handled
-- Kees Cook <email address hidden> Mon, 5 Feb 2007 18:09:04 -0800
-
clamav (0.88.7-1ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
clamav (0.88.7-1) unstable; urgency=medium
* New upstream version
[ CVE-2006-6406 ] MIME encoding scan bypass (closes: #401873)
[ CVE unavailable ] Nested multipart recursion DoS (closes: #401874)
-- Kees Cook <email address hidden> Tue, 12 Dec 2006 16:04:26 -0800
-
clamav (0.88.6-1ubuntu1) feisty; urgency=low
* Merge from debian unstable.
* Remaining Ubuntu changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
clamav (0.88.6-1) unstable; urgency=low
* New upstream version
- incorporates freshclam non-block patch, thus dropping it from patches/
clamav (0.88.5-3) unstable; urgency=low
* Fix broken configure.in patch. Never mattered on systems where sendmail
wasn't installed, but would make the build system fail to pick up local
versions of sendmail on custom arrangements
clamav (0.88.5-2) unstable; urgency=high
* Fix FTBFS with nullmailer (closes: #393672)
* Urgency high because this was keeping security fixes out of testing
* Noted here since they were unavailable at previous upload time:
- IDEF1597 is CVE-2006-4182 (libclamav/rebuildpe.c)
- IDEF1736 is CVE-2006-5295 (libclamav/chmunpack.c)
clamav (0.88.5-1) unstable; urgency=medium
* New upstream version
- libclamav/rebuildpe.c: fix possible heap overflow [IDEF1597]
- libclamav/chmunpack.c: fix possible crash [IDEF1736]
- urgency medium for this reason
clamav (0.88.4-4) unstable; urgency=low
* Versioned build-dep on dpkg-dev so I can use ${binary:Version}
* Actually remove Magnus this time
* Add Recommends clamav-base to clamav (closes: #391038)
* Fix parse problem is slurp_config() (closes: #384046)
clamav (0.88.4-3) unstable; urgency=low
* Move logrotate handling to clamav-daemon.postrm (closes: #384011)
* Apply upstream freshclam timeout patch (closes: #334911, #382353)
* Actually install changelogs, symlink other docs.
* Make binary packages binNMU'able
* lsb init comments added to init scripts
* Remove Magnus from Uploaders field, as it looks like he's really not
coming back to it. Thanks for all your work, Magnus!
* Add shlibsdeps to clamav-dbg
clamav (0.88.4-2) unstable; urgency=low
* Just to note here for the security team, 0.88.4-1 fixed
[CVE-2006-4018]: libclamav/upx.c: buffer overflow
(CVE unavailable at upload time)
* Fix up arguments to start_daemon() in init scripts (closes: #382092)
* Fix override disparity
-- Kees Cook <email address hidden> Tue, 28 Nov 2006 21:22:48 -0800
-
clamav (0.88.4-1ubuntu2) edgy; urgency=low
* SECURITY UPDATE: multiple denial of service attacks in file processors.
* Add 'debian/patches/30_pe_chm_overflows.dpatch' to close overflows.
Patch from Debian stable (Closes Malone #66510).
* References
CVE-2006-4182, CVE-2006-5295
-- Kees Cook <email address hidden> Mon, 23 Oct 2006 12:09:30 -0700
