Univention Bugzilla – Full Text Bug Listing |
Summary: | clamav: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P5 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 0.0 () Debian |
Description
Quality Assurance
2018-08-20 09:28:00 CEST
--- mirror/ftp/4.2/unmaintained/component/4.2-4-errata/source/clamav_0.100.1+dfsg-0+deb8u0A~4.2.0.201808131059.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/clamav_0.100.1+dfsg-0+deb8u1A~4.2.4.201808200927.dsc @@ -1,28 +1,32 @@ -0.100.1+dfsg-0+deb8u0A~4.2.0.201808131059 [Mon, 13 Aug 2018 10:59:23 +0200] Univention builddaemon <buildd@univention.de>: +0.100.1+dfsg-0+deb8u1A~4.2.4.201808200927 [Mon, 20 Aug 2018 09:28:06 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 010-utilize_ucr_autostart_settings 020-dont_fail_in_postinst_if_start_fails 030-silence-version-msg -0.100.1+dfsg-0+deb8u0 [Mon, 13 Aug 2018 10:02:25 +0200] Philipp Hahn <hahn@univention.de>: +0.100.1+dfsg-0+deb8u1 [Mon, 06 Aug 2018 16:59:51 +0200] Santiago Ruano Rincón <santiagorr@riseup.net>: + + * Non-maintainer upload by the LTS Team. + * Update to upstream release 0.100.1 (Closes: #903896). + * Fixes: + - CVE-2018-0360 (HWP integer overflow, infinite loop vulnerabi) + - CVE-2018-0361 (ClamAV PDF object length check, unreasonably long + time to + parse relatively small file) + * debian/clamav-daemon.config.in: fix infinite loop after SelfCheck + state (Closes: #905044). + + * Upload based on the stretch package, thanks to: [ Scott Kitterman ] - * Only create clamav user during clamav-base install if it does not exist - (LP: #121872) - - Thanks to Shane Williams for the patch + * Only create clamav user during clamav-base install if it does not + exist. Patch by Shane Williams. [ Sebastian Andrzej Siewior ] * Bump symbol version due to new version. * Add read permission for freshclam on /var/log in the apparmor profile. Thanks to Robie Basak (Closes: #902601). - - [ Philipp Hahn ] - * NMU. - * New upstrem relase (0.100.1) - - CVE-2018-0360 (HWP integer overflow, infinite loop vulnerabi) - - CVE-2018-0361 (ClamAV PDF object length check, unreasonably long time to - parse relatively small file) 0.100.0+dfsg-0+deb8u1 [Wed, 25 Apr 2018 21:58:31 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: <http://10.200.17.11/4.2-4/#5215523218139993552> OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] eb6b5cfa46 Bug #47614: clamav 0.100.1+dfsg-0+deb8u1A~4.2.4.201808200927 doc/errata/staging/clamav.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) [4.2-4] e4f9de3a7f Bug #47614: clamav 0.100.1+dfsg-0+deb8u1A~4.2.4.201808200927 doc/errata/staging/clamav.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) [4.2-4] 2f0c313ad1 Bug #47474: clamav ANNOUNCE doc/errata/staging/clamav.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) [4.2-4] 6fd42bfe8e Bug #47474: Advisory wording fix doc/errata/staging/clamav.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.2-4] 957ceef5ca Bug #47474: clamav 0.100.1+dfsg-0+deb8u0A~4.2.0.201808131059 doc/errata/staging/clamav.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) [4.2-4] a48e1cbca0 Bug #47474: clamav 0.100.1+dfsg-0+deb8u0A~4.2.0.201808131059 doc/errata/staging/clamav.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) |