Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 842813 (CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796, CVE-2022-20803)

Summary: <app-antivirus/clamav-0.103.6: multiple vulnerabilities
Product: Gentoo Security Reporter: Michael Orlitzky <mjo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: antivirus
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 842849    
Bug Blocks:    

Description Michael Orlitzky gentoo-dev 2022-05-05 17:58:34 UTC
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

I've already updated the LTS version to clamav-0.103.6, which is ready for stabilization.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-05-06 00:12:59 UTC
(In reply to Michael Orlitzky from comment #0)
> https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
> 
> I've already updated the LTS version to clamav-0.103.6, which is ready for
> stabilization.

Thanks! I'll file it now (feel free in future, just have it block this bug).

The Rust part is going to be a pain for getting ~arch done though.
Comment 2 Larry the Git Cow gentoo-dev 2022-05-06 11:08:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=366458c1825e3d02679535e2316da19ed0fd99af

commit 366458c1825e3d02679535e2316da19ed0fd99af
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2022-05-06 11:07:46 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2022-05-06 11:07:46 +0000

    app-antivirus/clamav: remove vulnerable clamav-0.103.5.ebuild.
    
    Bug: https://bugs.gentoo.org/842813
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 app-antivirus/clamav/Manifest              |   1 -
 app-antivirus/clamav/clamav-0.103.5.ebuild | 239 -----------------------------
 2 files changed, 240 deletions(-)
Comment 3 Michael Orlitzky gentoo-dev 2022-05-06 11:10:50 UTC
(In reply to Sam James from comment #1)
> (In reply to Michael Orlitzky from comment #0)
> > https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
> > 
> > I've already updated the LTS version to clamav-0.103.6, which is ready for
> > stabilization.
> 
> Thanks! I'll file it now (feel free in future, just have it block this bug).
> 
> The Rust part is going to be a pain for getting ~arch done though.

Thanks. There is a v0.104.3 release for a quick fix without having to figure out the rust bits.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-10 15:56:37 UTC
Thanks mjo!
Comment 5 Larry the Git Cow gentoo-dev 2022-06-02 03:46:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eebb889a2e861c1cae85e57c0ded55d999f0c407

commit eebb889a2e861c1cae85e57c0ded55d999f0c407
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-02 03:46:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-02 03:46:20 +0000

    app-antivirus/clamav: add 0.104.3
    
    Bug: https://bugs.gentoo.org/842813
    Signed-off-by: Sam James <sam@gentoo.org>

 app-antivirus/clamav/Manifest              |   1 +
 app-antivirus/clamav/clamav-0.104.3.ebuild | 215 +++++++++++++++++++++++++++++
 2 files changed, 216 insertions(+)