Advisory: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

"""
ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
"""

Same CVEs/vulnerabilities for the other branches.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78569113fc96741dc3a95e56dd32e554d1599ba3

commit 78569113fc96741dc3a95e56dd32e554d1599ba3
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-02-16 23:20:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-17 05:08:30 +0000

    app-antivirus/clamav: drop 1.0.0

    Bug: https://bugs.gentoo.org/894672
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-antivirus/clamav/Manifest | 42 ---
 app-antivirus/clamav/clamav-1.0.0.ebuild | 384 ---------------------
 .../clamav/files/clamav-1.0.0-select-python.patch | 44 ---
 3 files changed, 470 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6561cb9306d5c09bcdc815b83ee973637cb12e7c

commit 6561cb9306d5c09bcdc815b83ee973637cb12e7c
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-02-16 23:18:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-17 05:08:29 +0000

    app-antivirus/clamav: add 1.0.1

    Bug: https://bugs.gentoo.org/894672
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-antivirus/clamav/Manifest | 45 +++
 app-antivirus/clamav/clamav-1.0.1.ebuild | 387 +++++++++++++++++++++
 .../clamav/files/clamav-1.0.1-select-python.patch | 44 +++
 3 files changed, 476 insertions(+)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=de933a38b263b239206a394919eff4c8f72f835c

commit de933a38b263b239206a394919eff4c8f72f835c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-01 08:37:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-01 08:39:35 +0000

    [ GLSA 202310-01 ] ClamAV: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/831083
    Bug: https://bugs.gentoo.org/842813
    Bug: https://bugs.gentoo.org/894672
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-01.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)