4037c0a397
Release notes: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html - Fixes for the following vulnerabilities affecting 0.101.1 and prior: - CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. - CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. - CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. - Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only: - CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking. - CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. Issue reported by aCaB. - CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. Issue reported by David L. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-clamdscan-proto.c-fix-build-error-due-to-missing-soc.patch | ||
| 0002-mbox-do-not-use-backtrace-if-using-uClibc-without-ba.patch | ||
| clamav.hash | ||
| clamav.mk | ||
| Config.in | ||