-
clamav (0.92.1~dfsg2-1.1~gutsy3.1ubuntu2) gutsy-security; urgency=low
[ Leonel Nunez ]
* SECURITY UPDATE:
* [CVE-2008-5314]: remote attack by sending a specially crafted JPEG file
libclamav/special.c, libclamav/special.h, libclamav/scanners.c
* [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c: out-of-memory
null dereferences
* [CVE-2008-3914]: libclamav/htmlnorm.c, libclamav/others.c,
libclamav/sis.c: fd leaks
* [CVE-2008-3913]: freshclam/manager.c: memory leaks
* added 29_CVE-2008-3912.dpatch 30_CVE-2008-3913.dpatch
32_cli_check_jpeg_exploit.dpatch 31_CVE-2008-3914.dpatch
* References: LP #271546, #304017
[ Scott Kitterman ]
* SECURITY UPDATE: re-enable modules disabled due to resolved security
deficiencies:
* References: Clamav svn commit 4550 LP: #317923
-- Scott Kitterman <email address hidden> Sat, 17 Jan 2009 23:57:18 -0500
-
clamav (0.92.1~dfsg2-1.1~gutsy3.1ubuntu1) gutsy-security; urgency=low
* SECURITY UPDATE: fix off-by-one heap overflow
* References : LP #296704, Debian Bug #505134
* Updated 28_of-by-1.dpatch
- libclamav/vba_extract.c
-- Leonel Nunez <email address hidden> Tue, 11 Nov 2008 05:21:55 -0700
-
clamav (0.92.1~dfsg2-1.1~gutsy3.1) gutsy-security; urgency=low
* SECURITY UPDATE: fix possible DoS due to invalid memory access
* Updated 27_petite.c.dpatch (LP: #249316)
- libclamav/petite.c: fix one more spot
* References
CVE-2008-2713
Debian Bug #490925
-- Michael Casadevall <email address hidden> Thu, 17 Jul 2008 05:25:10 +0000
-
clamav (0.92.1~dfsg2-1.1~gutsy3) gutsy-security; urgency=low
* SECURITY UPDATE: fix possible invalid memory access
* added 27_petite.c.dpatch: (LP: #238575)
- libclamav/petite.c: fix possible invalid memory access
* References
CVE-2008-2713
-- Leonel Nunez <email address hidden> Mon, 09 Jun 2008 12:10:04 -0600
-
clamav (0.92.1~dfsg2-1.1~gutsy2) gutsy-security; urgency=low
* no change rebuild for -security
-- Jamie Strandboge <email address hidden> Mon, 02 Jun 2008 16:00:36 -0400
-
clamav (0.92.1~dfsg2-1.1~gutsy1) gutsy-backports; urgency=low
* Automated backport upload; no source changes.
clamav (0.92.1~dfsg2-1.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* This update addresses the following security issue:
- CVE-2008-1833: heap-based buffer overflow allows remote
attackers to execute arbitrary code via a crafted WWPack compressed
PE binary (Closes: #476694).
clamav (0.92.1~dfsg2-1) unstable; urgency=high
* libclamav/pe.c: possible integer overflow in wwpack
* [CVE-2008-1100]: libclamav/pe.c: possible integer overflow in upack
* [CVE-2008-1387]: libclamav/spin.c: possible integer overflow
* libclamav/unarj.c: DoS in unarj
clamav (0.92.1~dfsg2-0.1) unstable; urgency=low
* Non-maintainer upload.
* Remove non-free unrar files and repack orig.tar.gz (Closes: #470073)
clamav (0.92.1~dfsg-1) unstable; urgency=low
* New upstream bugfix release
- [CVE-2007-6595]: libclamav/others.c: symlink vulnerability
cli_gentempfd now calls open with O_EXCL (closes: #458532)
- [CVE-2008-0318]: libclamav/pe.c: possible integer overflow
- libclamav/mew.c: possible heap corruption
* Add a note to NEWS.Debian about unrar support being dropped
(closes: #465203)
* clamav-milter: off-by-one programming error in pingServer
(closes: #458204)
* Copyright now complete (thanks Scott Kitterman <email address hidden>)
(closes: #456770)
* Attempt to work around clamav-milter not bothering to check if another
instance is running on startup (reported as LP bug 179169)
clamav (0.92~dfsg-3) unstable; urgency=low
* Copyright clarifications (closes: #456770) (thanks
Scott Kitterman <email address hidden>)
clamav (0.92~dfsg-2) unstable; urgency=low
* Drop obsolete option NodalCoreAcceleration (closes: #457051)
clamav (0.92~dfsg-1) unstable; urgency=medium
* New upstream version
- urgency medium due to 3 CVEs:
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-1 error in LZX_READ_HUFFSYM
* [CVE-2007-6337]: libclamav/nsis/bzlib_private.h: bzlib issue
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
- would be urgency=high, except we have soname transition
- new package libclamav3 thanks to that
- Memory optimizations in trie building (closes: #420391)
- Don't create circular lists when two version of the same database are
loaded (closes: #454052)
- sigtool prints name of file being processed (closes: #414246)
- now displays message number during mbox scans with debug enabled
(closes: #452543)
- clamav-milter now accepts HUP to reopen logfile (closes: #414993)
* Packaging changes:
* Check that directories shipped in the .deb exist before chowning them.
This is apparently an unreported problem for some Ubuntu users
* Patches:
- remove 25_wrong_shebang.dpatch (merged upstream)
- add 25_skip_sendmail.cf.dpatch (closes: #312575)
* Translations:
- fr (closes: #454128)(thanks Christian Perrier <email address hidden>)
* Handle new option LogTime for freshclam
* Move clamav-docs to section 'doc'
* Catch all cases where the init script is called from freshclam's postinst
and make sure invoke-rc.d is used if available
* Freshen patches
clamav (0.91.2-4) unstable; urgency=low
* i18n rework (closes: #444801)
* New translations:
- cs (closes: #446786)(thanks Miroslav Kure <email address hidden>)
- de (closes: #447489)(thanks Helge Kreutzmann <email address hidden>)
- es (closes: #445605)(thanks Javier Fernández-Sanguino Peña <email address hidden>)
- fi (closes: #447000)(thanks Esko Arajärvi <email address hidden>)
- gl (closes: #446473)(thanks Jacobo Tarrio <email address hidden>)
- it (closes: #445348)(thanks Cristian Rigamonti <email address hidden>)
- ja (closes: #446208)(thanks Kenshi Muto <email address hidden>)
- pt (closes: #447291)(thanks Ricardo Silva <email address hidden>)
- pt_BR (closes: #446940)(thanks Felipe Augusto van de Wiel (faw)
<email address hidden>)
- ru (closes: #447356)(thanks Yuri Kozlov <email address hidden>)
- vi (closes: #446898)(thanks Clytie Siddall <email address hidden>)
* Get rid of some unused debconf notes
* Update NEWS.Debian retroactively to quiet lintian
* Add Build-Dep on po-debconf and call debconf-updatepo in clean target
* Better watch file (closes: #449622) (thanks Raphael Geissert
<email address hidden>)
* Better integration between postfix and clamav-milter (closes: #446404)
-- Scott Kitterman <email address hidden> Tue, 29 Apr 2008 14:05:57 +0100
-
clamav (0.91.2-3ubuntu2.4) gutsy-security; urgency=low
* SECURITY UPDATE: Possible heap corruption
* Added 31_mew.c-CVE-2008-0728.dpatch
* References: CVE-2008-0728 ( LP: #213500 )
-- Leonel Nunez <email address hidden> Mon, 07 Apr 2008 17:32:39 -0600
-
clamav (0.91.2-3ubuntu2.3) gutsy-security; urgency=low
* SECURITY UPDATE: possible integer overflow and tempfile symlink
vulnerability
* Added 29_others.c.CVE-2007-6595.dpatch: Fixes Tempfile symlink
vulnerability
* Added 30__pe.c.CVE-2008-0318.dpatch: Fixes possible integer overflow
* References CVE-2007-6595 CVE-2008-0318 (LP: 191150)
-- Leonel Nunez <email address hidden> Mon, 11 Feb 2008 21:01:07 -0700
-
clamav (0.91.2-3ubuntu2.2) gutsy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via bzip header overflow.
* Add 28_bzlib_private.h-CVE-2007-6337.dpatch: upstream fixes for
vulnerability in the bzip2 decompression algorithm (LP: #181830).
* References
CVE-2007-6337
-- Leonel Nunez <email address hidden> Thu, 10 Jan 2008 10:36:03 -0700
-
clamav (0.91.2-3ubuntu2.1) gutsy-security; urgency=low
* SECURITY UPDATE: Remote code execution
* [CVE-2007-6336]: libclamav/mspack.c: Off-by-one error in LZX_READ_HUFFSYM
* [CVE-2007-6335]: libclamav/pe.c: MEW PE File Integer Overflow
-- Leonel Nunez <email address hidden> Wed, 19 Dec 2007 12:54:38 -0700
-
clamav (0.91.2-3ubuntu2) gutsy; urgency=low
* Correct Postfix socket location for clamav-milter in
debian/clamav-milter.default (LP: #151850)
-- Scott Kitterman <email address hidden> Fri, 12 Oct 2007 11:13:10 -0400
-
clamav (0.91.2-3ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Update debian/watch so it works
- Add libcurl3-gnutls depends for clamav-freshclam, clamav-milter,
clamav-daemon
- In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
- Add an explicit Build-Depends on libcurl4-gnutls-dev.
clamav (0.91.2-3) unstable; urgency=low
* Remove spurious dependency on libcurl3-dev from libclamav-dev
(closes: #440771)
-- Scott Kitterman <email address hidden> Thu, 13 Sep 2007 00:37:08 -0400
-
clamav (0.91.2-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable (LP: #135846). Remaining Ubuntu changes:
- Update debian/watch so it works
- Add libcurl3-gnutls depends for clamav-freshclam, clamav-milter,
clamav-daemon
- In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
* Add an explicit Build-Depends on libcurl4-gnutls-dev (was libcurl-dev).
* Change Build-Depends in libclamav-dev to libcurl4-gnutls-dev
(was libcurl3-dev).
clamav (0.91.2-2) unstable; urgency=low
* Use the correct variable for $user (closes: #439253)
* Guard against unset $DatabaseDirectory (closes: #439913)
* Make it easier to use clamav-milter with postfix (closes: #434995)
* Fix shebang paths in contrib directories (closes: #439352)
* Quiet clamav-milter startup (closes: #438454)
clamav (0.91.2-1) unstable; urgency=low
* New upstream version
- fix call to tolower() which led to a crash in libclamav
- fix possible NULL dereference, e.g. when parsing email with RFC2397
URI
- fix floating point exception when using ScanOLE2
- fix possible NULL dereference in rtf.c
-- Cesare Tirabassi <email address hidden> Thu, 1 Sep 2007 20:54:07 +0200
-
clamav (0.91.2-0ubuntu1) gutsy; urgency=low
* New upstream release
- Update debian/postinst.in to deal with new DetectPUA feature.
* Update debian/watch so it works
-- Scott Kitterman <email address hidden> Tue, 21 Aug 2007 08:36:04 -0400
-
clamav (0.91.1-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- Add libcurl3 depends for clamav-freshclam, clamav-milter, clamav-daemon
- In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.91.1-2) unstable; urgency=low
* Move database files to -base package (closes: #434505)
* Use right config option to determine freshclam's uid (closes: #436204)
* Freshclam ignore.d.server update for cdiff downloads (closes: #435199)
-- Scott Kitterman <email address hidden> Mon, 13 Aug 2007 14:14:02 -0400
-
clamav (0.91.1-1ubuntu3) gutsy; urgency=low
* Add libcurl3 depends for clamav-freshclam, clamav-milter, clamav-daemon
- Upstream README that claims libcurl dependency was removed is wrong.
-- Scott Kitterman <email address hidden> Wed, 01 Aug 2007 22:18:44 -0400
-
clamav (0.91.1-1ubuntu2) gutsy; urgency=low
* In debian/clamav-base.postinst.in add test on upgrade to create
/var/run/clamav if it does not exist (LP: #117932)
-- Scott Kitterman <email address hidden> Mon, 23 Jul 2007 10:26:35 -0400
-
clamav (0.91.1-1ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.91.1-1) unstable; urgency=low
* New upstream version
* Patches:
- drop 25_phishcheck-crash.dpatch (upstream)
clamav (0.91.1-0ubuntu1) gutsy; urgency=low
* New upstream release
clamav (0.91-2) unstable; urgency=low
* Pull 25_phishcheck-crash.dpatch from upstream svn to fix a possible crash
in phishcheck.c
* Handle new Phish* options (no longer experimental code)
clamav (0.91-1) unstable; urgency=low
* New upstream version (closes: #432857)
* Fixes long database load time (closes: #423879, #427154, #428675, #432334)
* [CVE-2007-3725] DoS in unrarvm.c
- This should make this urgency=high, but I am nervous about some changes
in clamav.h. After discussion with the Release Wizard, I am not going
to bump the soname unilaterally, but I am going to delay the migration
to testing to catch any problems.
* Patch rework:
- freshen 02_milter_sendmail_version_patch
- freshen 03_etc_files_patch
- 20_clamscan-manpage-update.dpatch obsoleted
- freshen 24_nullmailer_ftbfs.dpatch
-- Scott Kitterman <email address hidden> Tue, 17 Jul 2007 13:36:29 -0400
-
clamav (0.91.1-0ubuntu1) gutsy; urgency=low
* New upstream release
-- Scott Kitterman <email address hidden> Mon, 16 Jul 2007 21:27:04 -0400
-
clamav (0.91-0ubuntu1) gutsy; urgency=low
* New upstream release
- Freshen 02_milter_sendmail_version_patch
- Freshen 03_etc_files_patch
- Freshen 20_clamscan-manpage-update.dpatch
-- Scott Kitterman <email address hidden> Sun, 15 Jul 2007 01:30:03 -0400
-
clamav (0.90.3-2ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.3-2) unstable; urgency=low
* Fix newaliases test to not fail when newaliases isn't present
(closes: #431990)
* Quiet freshclam warnings when run from cron (closes: #427420)
-- Scott Kitterman <email address hidden> Tue, 10 Jul 2007 13:30:20 -0400
-
clamav (0.90.3-1ubuntu3) gutsy; urgency=low
* Rebuild for the libcurl transition mess.
-- Steve Kowalik <email address hidden> Thu, 5 Jul 2007 00:14:33 +1000
-
clamav (0.90.3-1ubuntu2) gutsy; urgency=low
* Stop clamav-base postinst from bailing out when which newaliases
doesn't return anything (fix from Soren Hansen) (LP: #39853)
-- Scott Kitterman <email address hidden> Wed, 27 Jun 2007 13:22:01 -0400
-
clamav (0.90.3-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.3-1) unstable; urgency=low
* New upstream version
- Fixes segfault in segfault handler (closes: #420593)
- Fixes slow load times seen in earlier 09.x versions
(closes: #425796, #425661)
* Stop using killproc for reloading logs, at least until it stops removing
pidfiles out from under us (closes: #424618)
-- Efrain Valles <email address hidden> Sat, 2 Jun 2007 09:29:00 -0400
-
clamav (0.90.2-4ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
-- Scott Kitterman <email address hidden> Sat, 19 May 2007 15:45:11 -0400
-
clamav (0.90.2-1ubuntu1) gutsy; urgency=low
* Merge from Debian unstable. Remaining Ubuntu changes:
- debian/clamav-base.init-stub, debian/clamav-daemon.init,
debian/rules: init script stub for common setup functions.
- debian/control: Maintainers updated for Ubuntu.
- debian/clamav-freshclam.init.in specify pidfile when starting.
clamav (0.90.2-1) unstable; urgency=low
* New upstream version
- Fixes reconnect issue in non-block-connect (closes: #418935)
- Fixes a segfault in pdf scanning (closes: #418849)
* Update description to reflect new features in 0.9x (closes: #414884)
* Translation:
- Ru (thanks Yuriy Talakan <email address hidden>)(closes: #416342)
* Logcheck rule update for freshclam
(thanks Jefferson Cowart <email address hidden>) (closes: #415073)
clamav (0.90.1-2) unstable; urgency=low
* Another NotifyClamd fix that somehow didn't make it into the last upload
(closes: #414407)
* Remove references to Woody backports. No longer supported
(closes: #412386)
* Add more files to freshclam's purge list
-- Scott Kitterman <email address hidden> Sat, 5 May 2007 16:25:28 -0400
-
clamav (0.90.2-0ubuntu1) feisty; urgency=low
* New upstream release not in Debian yet.
- Current patchset still applies
* No /debian changes.
* UVF Exception granted (LP: #106357)
- Upstream is disabling virus definition support for 0.90.0/1
starting on April 16 2007.
-- Scott Kitterman <email address hidden> Sat, 14 Apr 2007 05:24:09 -0400