Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 842813 (CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796, CVE-2022-20803) - <app-antivirus/clamav-0.103.6: multiple vulnerabilities
Summary: <app-antivirus/clamav-0.103.6: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796, CVE-2022-20803
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 842849
Blocks:
  Show dependency tree
 
Reported: 2022-05-05 17:58 UTC by Michael Orlitzky
Modified: 2023-10-01 08:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Orlitzky gentoo-dev 2022-05-05 17:58:34 UTC
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

I've already updated the LTS version to clamav-0.103.6, which is ready for stabilization.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-05-06 00:12:59 UTC
(In reply to Michael Orlitzky from comment #0)
> https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
> 
> I've already updated the LTS version to clamav-0.103.6, which is ready for
> stabilization.

Thanks! I'll file it now (feel free in future, just have it block this bug).

The Rust part is going to be a pain for getting ~arch done though.
Comment 2 Larry the Git Cow gentoo-dev 2022-05-06 11:08:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=366458c1825e3d02679535e2316da19ed0fd99af

commit 366458c1825e3d02679535e2316da19ed0fd99af
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2022-05-06 11:07:46 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2022-05-06 11:07:46 +0000

    app-antivirus/clamav: remove vulnerable clamav-0.103.5.ebuild.
    
    Bug: https://bugs.gentoo.org/842813
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 app-antivirus/clamav/Manifest              |   1 -
 app-antivirus/clamav/clamav-0.103.5.ebuild | 239 -----------------------------
 2 files changed, 240 deletions(-)
Comment 3 Michael Orlitzky gentoo-dev 2022-05-06 11:10:50 UTC
(In reply to Sam James from comment #1)
> (In reply to Michael Orlitzky from comment #0)
> > https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
> > 
> > I've already updated the LTS version to clamav-0.103.6, which is ready for
> > stabilization.
> 
> Thanks! I'll file it now (feel free in future, just have it block this bug).
> 
> The Rust part is going to be a pain for getting ~arch done though.

Thanks. There is a v0.104.3 release for a quick fix without having to figure out the rust bits.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-10 15:56:37 UTC
Thanks mjo!
Comment 5 Larry the Git Cow gentoo-dev 2022-06-02 03:46:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eebb889a2e861c1cae85e57c0ded55d999f0c407

commit eebb889a2e861c1cae85e57c0ded55d999f0c407
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-02 03:46:00 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-02 03:46:20 +0000

    app-antivirus/clamav: add 0.104.3
    
    Bug: https://bugs.gentoo.org/842813
    Signed-off-by: Sam James <sam@gentoo.org>

 app-antivirus/clamav/Manifest              |   1 +
 app-antivirus/clamav/clamav-0.104.3.ebuild | 215 +++++++++++++++++++++++++++++
 2 files changed, 216 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-31 03:58:47 UTC
GLSA request filed
Comment 7 Larry the Git Cow gentoo-dev 2023-10-01 08:39:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=de933a38b263b239206a394919eff4c8f72f835c

commit de933a38b263b239206a394919eff4c8f72f835c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-01 08:37:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-01 08:39:35 +0000

    [ GLSA 202310-01 ] ClamAV: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/831083
    Bug: https://bugs.gentoo.org/842813
    Bug: https://bugs.gentoo.org/894672
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-01.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)