From f92c093c7a39b8e0d6754c452268b0af20ef860b Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 24 Jan 2022 23:10:47 +0100 Subject: [PATCH] package/clamav: security bump to version 0.103.5 ClamAV 0.103.5 is a critical patch release with the following fix: - CVE-2022-20698: Fix for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled. https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/clamav/clamav.hash | 2 +- package/clamav/clamav.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/clamav/clamav.hash b/package/clamav/clamav.hash index d68b04af76..73f4ff88f1 100644 --- a/package/clamav/clamav.hash +++ b/package/clamav/clamav.hash @@ -1,5 +1,5 @@ # Locally calculated -sha256 def0ad15500fa6aff81d8e68b9f83aa75ee5b607a01335c1d26dbcc959932f85 clamav-0.103.4.tar.gz +sha256 1e74b1e1d2a8a9056449c313f48a6983b9d5ba0d6fb5ef0b2be6ad3c841a5426 clamav-0.103.5.tar.gz sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2 sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file diff --git a/package/clamav/clamav.mk b/package/clamav/clamav.mk index 94b589b975..cd2d06e6b3 100644 --- a/package/clamav/clamav.mk +++ b/package/clamav/clamav.mk @@ -4,7 +4,7 @@ # ################################################################################ -CLAMAV_VERSION = 0.103.4 +CLAMAV_VERSION = 0.103.5 CLAMAV_SITE = https://www.clamav.net/downloads/production CLAMAV_LICENSE = GPL-2.0 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \