Summary: | <app-antivirus/clamav-0.99.4: multiple vulnerabilities (CVE-2018-{0202,1000085}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | antivirus, net-mail+disabled, toto |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://blog.clamav.net/2018/03/clamav-0994-has-been-released.html | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
app-antivirus/clamav-0.99.4-r1
|
Runtime testing required: | --- |
Bug Depends on: | 649516 | ||
Bug Blocks: | 623534, 625632, 628686, 628690, 645794 |
Description
GLSAMaker/CVETool Bot
2018-03-02 00:51:41 UTC
CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. @ Arches, please test and mark stable: =app-antivirus/clamav-0.99.4 ia64 stable x86 stopped stabilization due to bug 649516. tested on amd64, scanned 30mil. files, no problem ppc Builds ok, but one test fails (bug #634142). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6164b7059e16d9c3f862ba52fd159297c7d2fe0e commit 6164b7059e16d9c3f862ba52fd159297c7d2fe0e Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-03-29 02:12:36 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-03-29 02:12:36 +0000 app-antivirus/clamav: amd64 stable Bug: https://bugs.gentoo.org/649314 Package-Manager: Portage-2.3.26, Repoman-2.3.7 app-antivirus/clamav/clamav-0.99.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} Restarting stabilization. Previous arch teams didn't notice the problem because clamav had an automagic on dev-libs/check. Without this package, the test revealing a major problem with zlib, wasn't run. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=761684544e0f106bf88eeebd083ac2f8ada95c2c commit 761684544e0f106bf88eeebd083ac2f8ada95c2c Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-03-30 00:14:54 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-03-30 00:14:54 +0000 app-antivirus/clamav: amd64 stable Bug: https://bugs.gentoo.org/649314 Package-Manager: Portage-2.3.26, Repoman-2.3.7 app-antivirus/clamav/clamav-0.99.4-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)} ia64 stable Stable on alpha. x86 stable ppc64 stable hppa stable @maintainer(s), please clean vulnerable. GLSA request filed. This issue was resolved and addressed in GLSA 201804-16 at https://security.gentoo.org/glsa/201804-16 by GLSA coordinator Aaron Bauman (b-man). re-opened for final arch and cleanup. ppc stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=587259d7f37f395fb06bb8acd08f71c5c2049dea commit 587259d7f37f395fb06bb8acd08f71c5c2049dea Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2018-05-26 14:15:44 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2018-05-26 14:15:44 +0000 app-antivirus/clamav: drop vulnerable Bug: https://bugs.gentoo.org/649314 Package-Manager: Portage-2.3.40, Repoman-2.3.9 app-antivirus/clamav/Manifest | 2 - app-antivirus/clamav/clamav-0.99.2-r1.ebuild | 158 -------------------------- app-antivirus/clamav/clamav-0.99.2-r3.ebuild | 159 -------------------------- app-antivirus/clamav/clamav-0.99.3-r1.ebuild | 159 -------------------------- app-antivirus/clamav/clamav-0.99.3-r2.ebuild | 160 --------------------------- app-antivirus/clamav/clamav-0.99.4.ebuild | 156 -------------------------- 6 files changed, 794 deletions(-) |