Description Quality Assurance 2024-12-09 12:13:59 CET

New Debian clamav 1.0.7+dfsg-1~deb10u1A~5.0.9.202412091213 fixes:
This update addresses the following issues:
1.0.7+dfsg-1~deb10u1 (Thu, 31 Oct 2024 12:00:46 -0300)
* Non-maintainer upload by the ELTS team.
* Backport version 1.0.7 from bookworm to buster to fix security issues. -  d/control: b-d on binaries provided by rustc-web. - d/control: b-d on  cmake-latest instead of cmake. - d/control: b-d on linux-libc-dev. -  d/p/backports: add patch to skip test failing in ELTS releases due to old  version of ca-certificates. - CVE-2024-20505 - CVE-2024-20506
1.0.7+dfsg-1~deb12u1 (Thu, 03 Oct 2024 11:57:45 +0200)
* Import 1.0.7 - CVE-2024-20506 (Changed the logging module to disable  following symlinks on Linux) - CVE-2024-20505 (Fixed a possible  out-of-bounds read bug in the PDF file parser).
1.0.5+dfsg-1~deb12u1 (Thu, 08 Feb 2024 21:58:26 +0100)
* Import 1.0.5. - Update symbols. - CVE-2024-20290 (Fixed a possible heap  overflow read bug in the OLE2 file parser that could cause a  denial-of-service (DoS) condition.) - CVE-2024-20328 (Fixed a possible  command injection vulnerability in the "VirusEvent" feature of ClamAV's  ClamD service.
1.0.4+dfsg-1~deb12u1 (Sun, 04 Feb 2024 11:45:46 +0100)
* Import 1.0.4 - Update symbols.
1.0.3+dfsg-1~deb12u1 (Sat, 09 Sep 2023 16:36:13 +0200)
* Import 1.0.3
* Remove unnecessary warning messages in freshclam during update.
1.0.2+dfsg-1~deb12u1 (Sun, 27 Aug 2023 11:35:11 +0200)
* Import 1.0.2 - CVE-2023-20197 (Possible DoS in HFS+ file parser). -  CVE-2023-20212 (Possible DoS in AutoIt file parser).
* Use cmake for xml2 detection.
* Replace tomsfastmath with OpenSSL's BN.
* Don't enable clamonacc by default.
* Let the clamav-daemon.socket depend on the service file again
.
1.0.1+dfsg-2 (Sun, 26 Feb 2023 17:39:06 +0100)
* Depend on latest libtfm1, #1027010).
1.0.1+dfsg-1 (Fri, 17 Feb 2023 20:29:05 +0100)
* Import 1.0.1 - CVE-2023-20032 (Possible RCE in the HFS+ file parser). -  CVE-2023-20052 (Possible information leak in the DMG file parser).
1.0.0+dfsg-6 (Sat, 21 Jan 2023 18:02:12 -0500)
[ Sebastian Andrzej Siewior ]
* Add d/p/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch to fix  rpath issues
[ Scott Kitterman ]
* Remove obsolete usr/share/doc/*/NEWS.gz links from debian/*.links, no  longer provided in the package (Thanks to Paul Wise for reporting)

* Complete update of d/copyright for upstream file removal/reorganization
* Restore and update clamav-freshclam and libclamav lintian-overrides for  current lintian
* Drop depends on obsolete package lsb-base
1.0.0+dfsg-5 (Fri, 06 Jan 2023 12:33:39 -0500)
* Update paths in d/tests/clamd for new source layout
* Add misc:Pre-Depends to clamav-daemon and clamav-milter for  init-system-helpers
* Remove obsolete debian/NEWS file
* More lintian override corrections
* Start of removing obsolete d/copyright entries
* Fix testsuite on big endian architectures.
1.0.0+dfsg-4 (Wed, 04 Jan 2023 18:32:47 -0500)
* Drop unneeded build-depends on rust-lldb.
1.0.0+dfsg-3 (Wed, 04 Jan 2023 15:06:03 -0500)
* Upload to unstable
* Directly trigger html docs build to fix lack of html docs and update  clamav-docs.install
* Fixup duplicate globs in d/copyright
* Update paths for new source layout in lintian overrides
* Update clean rule for new tests
* Add debian/source/options to ignore changes in Cargo.lock when regenerated  during build
* Remove obsolete overrides from d/rules
1.0.0+dfsg-2 (Mon, 02 Jan 2023 18:38:42 +0100)
* Add libclamav11 replaces libclamav9 since the libfreshclam so name did not  change.
* Use a version-script and limit the exported symbols of libclamav and  libfreshclam.
1.0.0+dfsg-1 (Sat, 31 Dec 2022 13:44:59 +0100)
* Update to 1.0.0.