[Pkg-clamav-devel] Bug#950944: marked as done (clamav: Vulnerability in the Data-Loss-Prevention (DLP) module)

Sun, 09 Feb 2020 12:39:53 -0800 

Your message dated Sun, 09 Feb 2020 20:35:27 +0000
with message-id <[email protected]>
and subject line Bug#950944: fixed in clamav 0.102.2+dfsg-1
has caused the Debian Bug report #950944,
regarding clamav: Vulnerability in the Data-Loss-Prevention (DLP) module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
950944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950944
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: clamav
Version: 0.102.1+dfsg-0+deb10u2
Severity: important
Tags: upstream

CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus
(ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated,
remote attacker to cause a denial of service condition on an affected device.
The vulnerability is due to an out-of-bounds read affecting users that have
enabled the optional DLP feature. An attacker could exploit this vulnerability
by sending a crafted email file to an affected device. An exploit could allow
the attacker to cause the ClamAV scanning process crash, resulting in a denial
of service condition.

Fixed in 0.102.2.

--- End Message ---
--- Begin Message --- 
Source: clamav
Source-Version: 0.102.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <[email protected]> (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Feb 2020 20:24:46 +0100
Source: clamav
Architecture: source
Version: 0.102.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team <[email protected]>
Changed-By: Sebastian Andrzej Siewior <[email protected]>
Closes: 950944
Changes:
 clamav (0.102.2+dfsg-1) unstable; urgency=medium
 .
   * Import 0.102.2
     - CVE-2020-3123 (DoS may occur in the optional DLP feature)
       (Closes: 950944).
   * Update symbol file.
   * Set ReceiveTimeout to 0 which is upstream default.
Checksums-Sha1:
 e29f5ecd85ccb2ce6a55070fcdf5f28ab0da220a 2771 clamav_0.102.2+dfsg-1.dsc
 ff24c66c9de5c4973a274b4ba77ea28053f75436 5017532 
clamav_0.102.2+dfsg.orig.tar.xz
 b23e68d44ebe1d82932e20962cdd1b1258bad62a 217828 
clamav_0.102.2+dfsg-1.debian.tar.xz
Checksums-Sha256:
 3b6e510ba44e87233d179a6b84e8c428517bd4cf1de969ab9126cbb833c96c5c 2771 
clamav_0.102.2+dfsg-1.dsc
 5b2bf1641cb92b955652d1ef4494682cd495600be160dd05d043ec4630f2587d 5017532 
clamav_0.102.2+dfsg.orig.tar.xz
 cd47ab3b397647a367982c47420a01606794002f73e31b1d559e1ba782766eb6 217828 
clamav_0.102.2+dfsg-1.debian.tar.xz
Files:
 0231d6e1e1e86f54cae304922624c112 2771 utils optional clamav_0.102.2+dfsg-1.dsc
 43ed644141336799139f7b09e1ad676b 5017532 utils optional 
clamav_0.102.2+dfsg.orig.tar.xz
 552e259a85eaebf098b6c5f5da8ab85d 217828 utils optional 
clamav_0.102.2+dfsg-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAl5AY4EACgkQBWQfF1cS
+lv1JAv+KFxciJiY0I2QknEFluLo/1mldFJeqpQv+AT4jsm3x4U3uATWGZl/bCyH
3nI/vZWdZS8ektzfF4Gmhc8a1D/af7gm5mEF3cd6mxw52tWScVu2rNhZFI+bbos/
rrLdlRM2PsbsfrBS2bxDtPCYQ8h6ZvhXcU2tJr4dWpGBfAAdC9sE+MB7Yh9lJD7t
E3Lks+V9iY3OGxEVXDzo/bVPi0O85Hxp0Ly8v9gq/5st4C+3embwCyPoGR9YL26+
AzfqHszIJL/TEQ1xRHskaaal8Tt3PvMAVs7D9FJxYgDcNIoQhONp/4LJf+kGLAkH
xHcvrwXRs1nfqJLIhEESSjT0Y42gSl3C6+sCwqyrX1qVFNFOILZywXoHy2RylxDu
8lG5gBsfudvyzlkZPebv7MymezzjPcsuSuGvKE4JvCkvo4gkO0Bqld8rq36zJykX
QB9s0uvs3ZvEAj0r0eGSUqJs+KbR8QRfGn8rSzJRplAvzYhc1r7XjaQxqkbwuN2z
AQT3q4fs
=CNL/
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel

Reply via email to