Your message dated Sat, 22 Feb 2020 19:32:07 +0000
with message-id <[email protected]>
and subject line Bug#950944: fixed in clamav 0.102.2+dfsg-0+deb10u1
has caused the Debian Bug report #950944,
regarding clamav: Vulnerability in the Data-Loss-Prevention (DLP) module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
950944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950944
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav
Version: 0.102.1+dfsg-0+deb10u2
Severity: important
Tags: upstream

CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus
(ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated,
remote attacker to cause a denial of service condition on an affected device.
The vulnerability is due to an out-of-bounds read affecting users that have
enabled the optional DLP feature. An attacker could exploit this vulnerability
by sending a crafted email file to an affected device. An exploit could allow
the attacker to cause the ClamAV scanning process to crash, resulting in a denial
of service condition.

Fixed in 0.102.2.

--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.102.2+dfsg-0+deb10u1
Done: Sebastian Andrzej Siewior <[email protected]>

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <[email protected]> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Feb 2020 14:39:45 +0100
Source: clamav
Architecture: source
Version: 0.102.2+dfsg-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: ClamAV Team <[email protected]>
Changed-By: Sebastian Andrzej Siewior <[email protected]>
Closes: 950944 951057
Changes:
 clamav (0.102.2+dfsg-0+deb10u1) buster; urgency=medium
 .
   * Import 0.102.2
     - CVE-2020-3123 (DoS may occur in the optional DLP feature)
       (Closes: 950944).
   * Update symbol file.
   * Set ReceiveTimeout to 0 which is upstream default.
   * Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
     to set the CA bundle (like curl does) (Closes: #951057).
   * Recommend ca-certificates, new freshclam uses https by default.
Checksums-Sha1:
 09907e98a512db20ceb481ecc1293f684b84ae1f 2818 clamav_0.102.2+dfsg-0+deb10u1.dsc
 aba1584a99a8cffa1d2bfa6b61e5bc3a14ccbaf2 219252 clamav_0.102.2+dfsg-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 751686af9c343f385ff6c36057270b1b99a2c0d95eb624d83ce6e6c958e00082 2818 clamav_0.102.2+dfsg-0+deb10u1.dsc
 6e38c9082a56d52c7929f3340da201176f3c947d40344ca8adf79e33cc162619 219252 clamav_0.102.2+dfsg-0+deb10u1.debian.tar.xz
Files:
 ce56a07d8842f7ae06fd23f37eceb5cf 2818 utils optional clamav_0.102.2+dfsg-0+deb10u1.dsc
 af0e787d6977a8c0c89842cff116fab9 219252 utils optional clamav_0.102.2+dfsg-0+deb10u1.debian.tar.xz


--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel
