[ubuntu/oracular-proposed] clamav 1.3.1+dfsg-5ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Sep 16 16:17:16 UTC 2024


clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium

  * SECURITY UPDATE: out of bounds read in PDF parser
    - debian/patches/CVE-2024-20505.patch: add more checks to
      libclamav/pdf.c, libclamav/pdfng.c.
    - CVE-2024-20505
  * SECURITY UPDATE: file overwrite via log file symlinks
    - debian/patches/CVE-2024-20506.patch: disable following symlinks when
      opening log files in common/output.c.
    - CVE-2024-20506

Date: Mon, 16 Sep 2024 11:22:38 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/clamav/1.3.1+dfsg-5ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 16 Sep 2024 11:22:38 -0400
Source: clamav
Built-For-Profiles: noudeb
Architecture: source
Version: 1.3.1+dfsg-5ubuntu2
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium
 .
   * SECURITY UPDATE: out of bounds read in PDF parser
     - debian/patches/CVE-2024-20505.patch: add more checks to
       libclamav/pdf.c, libclamav/pdfng.c.
     - CVE-2024-20505
   * SECURITY UPDATE: file overwrite via log file symlinks
     - debian/patches/CVE-2024-20506.patch: disable following symlinks when
       opening log files in common/output.c.
     - CVE-2024-20506
Checksums-Sha1:
 c77d63443f14a2b21e39c6a7f776ec22b4fa1d9d 3187 clamav_1.3.1+dfsg-5ubuntu2.dsc
 40dbc494bd9816f53ff79d93b5037900dfb2f578 531368 clamav_1.3.1+dfsg-5ubuntu2.debian.tar.xz
 c27e7c3f06b80a3b65c672fbdad5d63cd1dc1d92 10734 clamav_1.3.1+dfsg-5ubuntu2_source.buildinfo
Checksums-Sha256:
 b78a9812b7cc676d6dee7a9cf0ce14c6f9be9b8f72e08aac4263512215eea86f 3187 clamav_1.3.1+dfsg-5ubuntu2.dsc
 f6f930829f1317aafdceb59134651c375b28798774fc1478aad4f18a556ab6cb 531368 clamav_1.3.1+dfsg-5ubuntu2.debian.tar.xz
 90b93fdf07d983992dcc59c4eaaf356d1e2eacea99838d4324afeb9d9b5bf067 10734 clamav_1.3.1+dfsg-5ubuntu2_source.buildinfo
Files:
 3bd2b299c75de41cae28ca0de667a8e0 3187 utils optional clamav_1.3.1+dfsg-5ubuntu2.dsc
 862f1d2ba96d7e266e5c2b3c84fd0657 531368 utils optional clamav_1.3.1+dfsg-5ubuntu2.debian.tar.xz
 9e15734cd43ad22e5f638f9f7fcad724 10734 utils optional clamav_1.3.1+dfsg-5ubuntu2_source.buildinfo
Original-Maintainer: ClamAV Team <pkg-clamav-devel at lists.alioth.debian.org>

