Changelog
clamav (0.98.7+dfsg-1) unstable; urgency=high
[ Andreas Cadhalpun ]
* Use SocketUser, SocketGroup and RemoveOnStop systemd socket options
instead of using ExecStartPost and ExecStopPost for that.
* Respect clamav-daemon's LocalSocket* options with the systemd unit by
extending the clamav-daemon.socket file appropriately, when running
dpkg-reconfigure clamav-daemon. (Closes: #783720)
* Disable this extendend configuration, when handling the configuration
file with debconf is disabled.
* Disable clamav-daemon.socket in prerm script.
[ Sebastian Andrzej Siewior ]
* Import new upstream:
- Improvements to PDF processing: decryption, escape sequence
handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue
was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and
patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file.
Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file.
This was reported by Dimitri Kirchner and Goulven Guiheux.
CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads.
Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's
regex library. CVE-2015-2305 (Closes: #778406).
- Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by
Kai Risku.
- Improve detections within xar/pkg files.
* update GPG key used to verify releases to get uscan/get_orig.sh working
again.
* update symbol version for cl_retflevel due to CL_FLEVEL change.
-- Scott Kitterman <email address hidden> Fri, 01 May 2015 22:45:55 -0400