From 70c694ef492f7d816c12a6c1d2418c4b0e94095e Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Wed, 13 Sep 2023 15:09:22 +0200 Subject: [PATCH] package/clamav: security bump to version 0.103.9 Fixes the following security issue: - CVE-2023-20197: A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. For details, see the announcement: https://blog.clamav.net/2023/07/2023-08-16-releases.html Signed-off-by: Peter Korsgaard --- package/clamav/clamav.hash | 2 +- package/clamav/clamav.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/clamav/clamav.hash b/package/clamav/clamav.hash index 27f9b16a39..e8173cd0f9 100644 --- a/package/clamav/clamav.hash +++ b/package/clamav/clamav.hash @@ -1,5 +1,5 @@ # Locally calculated -sha256 6f49da6ee927936de13d359e559d3944248e3a257d40b80b6c99ebe6fe8c8c3f clamav-0.103.8.tar.gz +sha256 bd9345671c8089b2bbbd8c34be3bca04cffa3142cf7a3afc12527037dfd3aa88 clamav-0.103.9.tar.gz sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2 sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file diff --git a/package/clamav/clamav.mk b/package/clamav/clamav.mk index 0f0491bf0d..c4ef395cec 100644 --- a/package/clamav/clamav.mk +++ b/package/clamav/clamav.mk @@ -4,7 +4,7 @@ # ################################################################################ -CLAMAV_VERSION = 0.103.8 +CLAMAV_VERSION = 0.103.9 CLAMAV_SITE = https://www.clamav.net/downloads/production CLAMAV_LICENSE = GPL-2.0 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \