Univention Bugzilla – Bug 54330
clamav: Multiple issues (4.4)
Last modified: 2022-01-12 16:33:47 CET
New Debian clamav None fixes: This update addresses the following issues: - Fix for Excel XLM parser infinite loop. (CVE-2021-1252) - Fix for PDF parser buffer over-read; possible crash. (CVE-2021-1404) - Fix for mail parser NULL-dereference crash. (CVE-2021-1405)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/clamav_0.102.4+dfsg-0+deb9u2A~4.4.8.202104141431.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/clamav_0.103.4+dfsg-0+deb9u1A~4.4.0.202201121248.dsc @@ -1,7 +1,24 @@ -0.102.4+dfsg-0+deb9u2A~4.4.8.202104141431 [Wed, 14 Apr 2021 14:41:46 +0200] Univention builddaemon <buildd@univention.de>: +0.103.4+dfsg-0+deb9u1A~4.4.0.202201121248 [Wed, 12 Jan 2022 12:48:10 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 030-silence-version-msg + +0.103.4+dfsg-0+deb9u1 [Wed, 05 Jan 2022 12:22:29 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * New upstream release. + * Update symbols file. + * Refresh patches. + * Backport some changes from the buster update: + * Add clamonacc.8. + * Remove clamav user on purge (Closes: #987861). + * Remove freshclam.dat on purge. + * Remove deprecated option SafeBrowsing from debconf templates. + * Handle new clamd.conf options. + * Update apparmor profile for freshclam. Thanks to Michael Borgelt. + (Closes: #972974) + * Update apparmor profile for clamd. Thanks to Stefano Callegari. + (Closes: #973619). 0.102.4+dfsg-0+deb9u2 [Wed, 14 Apr 2021 13:26:10 +0530] Utkarsh Gupta <utkarsh@debian.org>: <http://piuparts.knut.univention.de/4.4-8/#8460072206533760751>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 0e71c971f1 Bug #54330: clamav 0.103.4+dfsg-0+deb9u1A~4.4.0.202201121248 doc/errata/staging/clamav.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1147>