diff mbox series

clamav: Update to 0.101.4

Message ID 20190823164904.24488-1-matthias.fischer@ipfire.org
State Accepted
Commit 2b20d0cfc630dc76fe4742634417ea6e006ccc1a
Headers
Series clamav: Update to 0.101.4 |

Commit Message

Matthias Fischer Aug. 23, 2019, 4:49 p.m. UTC 
  For details see:
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html

"An out of bounds write was possible within ClamAV's NSIS bzip2
library when attempting decompression in cases where the number
of selectors exceeded the max limit set by the library (CVE-2019-12900).
The issue has been resolved by respecting that limit.

Thanks to Martin Simmons for reporting the issue here.

The zip bomb vulnerability mitigated in 0.101.3 has been assigned
the CVE identifier CVE-2019-12625. Unfortunately, a workaround for
the zip-bomb mitigation was immediately identified. To remediate
the zip-bomb scan time issue, a scan time limit has been introduced
in 0.101.4.
This limit now resolves ClamAV's vulnerability to CVE-2019-12625."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/clamav | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/lfs/clamav b/lfs/clamav
index d6f8164b7..aa7715763 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 0.101.3
+VER        = 0.101.4
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 45
+PAK_VER    = 46
 
 DEPS       = ""
 
@@ -50,7 +50,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 1981c5bd299c1f3cbf3f74095a00524c
+$(DL_FILE)_MD5 = b6e6891035ce3e3f35830154bd280311
 
 install : $(TARGET)