Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/clamav security/clamav: update to 0.102.3



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0e306cd25a2c
branches:  trunk
changeset: 431471:0e306cd25a2c
user:      taca <taca%pkgsrc.org@localhost>
date:      Wed May 13 14:58:58 2020 +0000

description:
security/clamav: update to 0.102.3

Update clamav to 0.102.3.


## 0.102.3

ClamAV 0.102.3 is a bug patch release to address the following issues.

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
  Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
  could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
  an unsigned variable results in an out-of-bounds read which causes a crash.

  Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
  parsing vulnerability.

- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
  Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
  could cause a Denial-of-Service (DoS) condition. Improper size checking of
  a buffer used to initialize AES decryption routines results in an out-of-
  bounds read which may cause a crash. Bug found by OSS-Fuzz.

- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.

- Fix a couple of minor memory leaks.

- Updated libclamunrar to UnRAR 5.9.2.

diffstat:

 security/clamav/Makefile        |   3 +--
 security/clamav/Makefile.common |   4 ++--
 security/clamav/distinfo        |  10 +++++-----
 3 files changed, 8 insertions(+), 9 deletions(-)

diffs (44 lines):

diff -r f4e26dd06296 -r 0e306cd25a2c security/clamav/Makefile
--- a/security/clamav/Makefile  Wed May 13 14:57:12 2020 +0000
+++ b/security/clamav/Makefile  Wed May 13 14:58:58 2020 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.64 2020/05/06 14:04:59 adam Exp $
+# $NetBSD: Makefile,v 1.65 2020/05/13 14:58:58 taca Exp $
 
-PKGREVISION= 2
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit
diff -r f4e26dd06296 -r 0e306cd25a2c security/clamav/Makefile.common
--- a/security/clamav/Makefile.common   Wed May 13 14:57:12 2020 +0000
+++ b/security/clamav/Makefile.common   Wed May 13 14:58:58 2020 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.15 2020/02/15 02:40:43 taca Exp $
+# $NetBSD: Makefile.common,v 1.16 2020/05/13 14:58:58 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.102.2
+DISTNAME=      clamav-0.102.3
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 
diff -r f4e26dd06296 -r 0e306cd25a2c security/clamav/distinfo
--- a/security/clamav/distinfo  Wed May 13 14:57:12 2020 +0000
+++ b/security/clamav/distinfo  Wed May 13 14:58:58 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.32 2020/02/15 02:40:43 taca Exp $
+$NetBSD: distinfo,v 1.33 2020/05/13 14:58:58 taca Exp $
 
-SHA1 (clamav-0.102.2.tar.gz) = 9adabeac41736770aa22ae1ee1f8aba9e253cfaa
-RMD160 (clamav-0.102.2.tar.gz) = a1ef9999257f02ca55abc8da73b4456e0f02ec80
-SHA512 (clamav-0.102.2.tar.gz) = 7db53e0e2b4d6b0e4cf5048d3c9dfbcabcffd680c3a2b718c763b9599b0c1c14e56bae70c54c251ee9e8fd1acd3134657196dbaad2d23a16bad76a088c6fc41f
-Size (clamav-0.102.2.tar.gz) = 13227538 bytes
+SHA1 (clamav-0.102.3.tar.gz) = c6397a35f4ae77a3aa3241551120da45662d1f39
+RMD160 (clamav-0.102.3.tar.gz) = 85d1f1f607edfc9b8deeb68aaba39f0875b31863
+SHA512 (clamav-0.102.3.tar.gz) = d239718814b303fb0f1655d9bdaf3675d888eea57e786d927eafabb7b6f58cd7f5fb7dc149511c2af6f800dcc919f2e1d6954110d45b9e16619c632e8d2b37f2
+Size (clamav-0.102.3.tar.gz) = 13226108 bytes
 SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf



Home | Main Index | Thread Index | Old Index