Univention Bugzilla – Full Text Bug Listing
Summary: | clamav: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P3 | CC: | requate |
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-0-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Max CVSS v3 score: | 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) NVD |
Description
Philipp Hahn
2018-03-13 16:37:36 CET
[4.3-0] bada9173bd Bug #46616: clamav_0.99.4+dfsg-1+deb9u1 --- mirror/ftp/4.3/unmaintained/4.3-0/source/clamav_0.99.2+dfsg-6+b1A~4.3.0.201712111442.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/clamav_0.99.4+dfsg-1+deb9u1.dsc 
@@ -1,10 +1,18 @@ -0.99.2+dfsg-6+b1A~4.3.0.201712111442 [Mon, 11 Dec 2017 14:42:56 +0100] Univention builddaemon <buildd@univention.de>: +0.99.4+dfsg-1+deb9u1 [Sat, 03 Mar 2018 12:15:58 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: - * UCS auto build. The following patches have been applied to the original source package - 01-fix-ftbfs - 010-utilize_ucr_autostart_settings - 020-dont_fail_in_postinst_if_start_fails - 030-silence-version-msg + * Update to upstream 0.99.4: + Fixes for CVE: CVE-2018-1000085, CVE-2018-0202. + * Update the gpg signing key (the old DSA expired). + * Update version of private symbols due to version change. + * Bump symbol version of cl_retflevel because CL_FLEVEL changed. + +0.99.2+dfsg-6+deb9u1 [Sat, 27 Jan 2018 00:33:28 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Apply security patches from 0.99.3 (Closes: #888484): + - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, + CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, + CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. + * Bump symbol version of cl_retflevel because CL_FLEVEL changed. 0.99.2+dfsg-6 [Sat, 04 Feb 2017 21:54:51 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:

(In reply to Quality Assurence from comment #2)
> --- clamav_0.99.2+dfsg-6+b1A~4.3.0.201712111442.dsc
> +++ clamav_0.99.4+dfsg-1+deb9u1.dsc
> - * UCS auto build. The following patches have been applied to the original
> source package
> - 01-fix-ftbfs
> - 010-utilize_ucr_autostart_settings
> - 020-dont_fail_in_postinst_if_start_fails
> - 030-silence-version-msg

This does not look right.

(In reply to Philipp Hahn from comment #3)
> (In reply to Quality Assurence from comment #2)
> > --- clamav_0.99.2+dfsg-6+b1A~4.3.0.201712111442.dsc
> > +++ clamav_0.99.4+dfsg-1+deb9u1.dsc
> > - * UCS auto build. The following patches have been applied to the original
> > source package
> > - 01-fix-ftbfs

No longer needed as the build system is now UCS-4.3

> > - 010-utilize_ucr_autostart_settings

No longer needed as we have the generic systemd handler

> > - 020-dont_fail_in_postinst_if_start_fails

No longer needed with systemd

> > - 030-silence-version-msg

This is the only remaining patch, which could also be dropped.

Package: clamav
Version: 0.99.4+dfsg-1+deb9u1A~4.3.0.201805042157
Branch: ucs_4.3-0
Scope: errata4.3-0

[4.3-0] 272c3b2c26 Bug #46616: clamav 0.99.4+dfsg-1+deb9u1
 doc/errata/staging/clamav.yaml | 2 +-

--- mirror/ftp/4.3/unmaintained/4.3-0/source/clamav_0.99.2+dfsg-6+b1A~4.3.0.201712111442.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/clamav_0.99.4+dfsg-1+deb9u1A~4.3.0.201805042157.dsc
@@ -1,10 +1,23 @@ -0.99.2+dfsg-6+b1A~4.3.0.201712111442 [Mon, 11 Dec 2017 14:42:56 +0100] Univention builddaemon <buildd@univention.de>: +0.99.4+dfsg-1+deb9u1A~4.3.0.201805042157 [Fri, 04 May 2018 21:57:00 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package - 01-fix-ftbfs - 010-utilize_ucr_autostart_settings - 020-dont_fail_in_postinst_if_start_fails 030-silence-version-msg + +0.99.4+dfsg-1+deb9u1 [Sat, 03 Mar 2018 12:15:58 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Update to upstream 0.99.4: + Fixes for CVE: CVE-2018-1000085, CVE-2018-0202. + * Update the gpg signing key (the old DSA expired). + * Update version of private symbols due to version change. + * Bump symbol version of cl_retflevel because CL_FLEVEL changed. + +0.99.2+dfsg-6+deb9u1 [Sat, 27 Jan 2018 00:33:28 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: + + * Apply security patches from 0.99.3 (Closes: #888484): + - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420, + CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, + CVE-2017-12378, CVE-2017-12379, CVE-2017-12380. + * Bump symbol version of cl_retflevel because CL_FLEVEL changed. 0.99.2+dfsg-6 [Sat, 04 Feb 2017 21:54:51 +0100] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:

* Obsolete patches removed: Ok:
  010-utilize_ucr_autostart_settings.patch
  020-dont_fail_in_postinst_if_start_fails.patch
  01-fix-ftbfs.patch
  clamav/freshclam/autostart=false
  clamav/daemon/autostart=false
  still works
* UCS specific 030-silence-version-msg.quilt merged and applied during build
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory adjusted:
  2b5c0b326c | Sort CVEs
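
Review bot: the removal of 020-dont_fail_in_postinst_if_start_fails in the second changelog listing is justified in the thread only by "No longer needed with systemd", and the QA items shown cover the autostart=false settings but not a failed daemon start. Suggest adding a check that package installation and upgrade still complete when the clamav daemon cannot be started during postinst, since that is the case the removed patch name refers to. It would also help to record the reason for each dropped patch in the commit message for 272c3b2c26, so the rationale does not live only in the bug comments.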