kumquat-buildroot/package/clamav
Bernd Kuhls 4037c0a397 package/clamav: security bump to version 0.101.2
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
  - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
  - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
  - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
  - CVE-2019-1786:
    An out-of-bounds heap read condition may occur when scanning malformed PDF
    documents as a result of improper bounds-checking.
  - CVE-2019-1785:
    A path-traversal write condition may occur as a result of improper input
    validation when scanning RAR archives. Issue reported by aCaB.
  - CVE-2019-1798:
    A use-after-free condition may occur as a result of improper error
    handling when scanning nested RAR archives. Issue reported by David L.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 09:31:35 +01:00
..
0001-clamdscan-proto.c-fix-build-error-due-to-missing-soc.patch clamav: reformat patches as Git-formatted patches 2018-05-13 22:59:52 +02:00
0002-mbox-do-not-use-backtrace-if-using-uClibc-without-ba.patch clamav: reformat patches as Git-formatted patches 2018-05-13 22:59:52 +02:00
clamav.hash package/clamav: security bump to version 0.101.2 2019-03-27 09:31:35 +01:00
clamav.mk package/clamav: security bump to version 0.101.2 2019-03-27 09:31:35 +01:00
Config.in package/clamav: needs wchar 2019-02-10 11:25:11 +01:00