This bug was fixed in the package clamav - 1.4.1+dfsg-1ubuntu1

---------------
clamav (1.4.1+dfsg-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085222). Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake.
      (LP #2071663)
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)
    - debian/po: update translations
  * Dropped:
    - SECURITY UPDATE: out of bounds read in PDF parser
      + debian/patches/CVE-2024-20505.patch: add more checks to
        libclamav/pdf.c, libclamav/pdfng.c.
      + CVE-2024-20505
      [Included in Debian 1.4.1+dfsg-1]
    - SECURITY UPDATE: file overwrite via log file symlinks
      + debian/patches/CVE-2024-20506.patch: disable following symlinks when
        opening log files in common/output.c.
      + CVE-2024-20506
      [Included in Debian 1.4.1+dfsg-1]
    - d/patches: add a patch to make the build system respect the rustflags
      (LP #2071663).
      [Taken upstream in 1.4.0]
    - d/rules, d/s/include-binaries,
      d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
      Fix signing of "text.exe" with expired certs.
      (LP #2078478)
      [Already present in Debian 1.3.1+dfsg-5]

clamav (1.4.1+dfsg-1) unstable; urgency=medium

  * Import 1.4.1 (Closes: #1080962)
    - CVE-2024-20506 (Changed the logging module to disable following symlinks
      on Linux)
    - CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
      parser).

 -- Bryce Harrington <br...@canonical.com>  Thu, 16 Jan 2025 16:27:52 -0800

** Changed in: clamav (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-20505

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-20506

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085222

Title:
  Merge clamav from Debian unstable for plucky
