[Bug 1732439] Re: Merge with debian: 0.99.3~beta1+dfsg-2

Fri, 24 Nov 2017 21:11:13 -0800 

This bug was fixed in the package clamav - 0.99.3~beta1+dfsg-2ubuntu1

---------------
clamav (0.99.3~beta1+dfsg-2ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1732439). Remaining changes:
    - Fix build by forcing llvm 3.9
      (testsuite seems to be failing)
    - debian/patches/fix_newer_zlib.patch: fix compatibility with zlib
      1.2.9 and newer (LP #1692073).
      [DEP3 header updated to indicate it was incorporated upstream]
  * Drop:
    * debian/patches/zlib-check.patch:
      + cherry-pick upstream fix for wrong zlib version check
        [Fixed upstream]
    - SECURITY UPDATE: DoS via crafted e-mail message
      + debian/patches/CVE-2017-6418.patch: fix invalid read in
        libclamav/message.c.
      + CVE-2017-6418
        [Fixed upstream]
    - SECURITY UPDATE: DoS via WWPack compression
      + debian/patches/CVE-2017-6420.patch: add bounds checks to
        libclamav/wwunpack.c.
      + debian/patches/CVE-2017-6420-2.patch: fix unit tests in
        libclamav/wwunpack.c, unit_tests/check_jsnorm.c.
      + CVE-2017-6420
        [Fixed upstream]

clamav (0.99.3~beta1+dfsg-2) unstable; urgency=medium

  * Build again against system's libmspack (dropped by accident)
    (Closes: #872594).
  * Don't replace config file with sample config after debconf gets disabled
    (in milter and daemon (Closes: #870253).
  * Update standards to 4.0.1
    - use invoke-rc.d instead of /etc/init.d.
    - drop priority extra from clamav-milter.
  * Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
    by Václav Ovsík <vaclav.ov...@gmail.com> (Closes: #868766).

clamav (0.99.3~beta1+dfsg-1) unstable; urgency=medium

  * Upload to unstable
  * update to official beta1 release:
    - drop fts-no-use-AC_TRY_RUN.patch, applied upstream.

clamav (0.99.3~snapshot20170704+dfsg-1) experimental; urgency=medium

  * Update to upstream snapshot (commit
    144ef69462427b63a650294257c892b047601aac):
    - add config options
    - boost symbol file
    - drop applied patches:
      - Allow-M-suffix-for-PCREMaxFileSize.patch
      - bb11549-fix-temp-file-cleanup-issue.patch
      - clamav_add_private_fts_implementation.patch
      - drop-AllowSupplementaryGroups-option-and-make-it-def.patch
      - fix-ssize_t-size_t-off_t-printf-modifier.patch
      - libclamav-use-libmspack.patch
      - make_it_compile_against_openssl_1_1_0.patch
    - add new ones:
      - fts-no-use-AC_TRY_RUN.patch
      - clamsubmit-add-JSON-libs-to-clamsubmit.patch

 -- Andreas Hasenack <andr...@canonical.com>  Wed, 22 Nov 2017 19:56:26
-0200

** Changed in: clamav (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6418

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6420

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1732439

Title:
  Merge with debian: 0.99.3~beta1+dfsg-2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1732439/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to