Debian
clamav package

clamav 0.98.7+dfsg-1 source package in Debian

Changelog

clamav (0.98.7+dfsg-1) unstable; urgency=high

  [ Andreas Cadhalpun ]
  * Use SocketUser, SocketGroup and RemoveOnStop systemd socket options
    instead of using ExecStartPost and ExecStopPost for that.
  * Respect clamav-daemon's LocalSocket* options with the systemd unit by
    extending the clamav-daemon.socket file appropriately, when running
    dpkg-reconfigure clamav-daemon. (Closes: #783720)
  * Disable this extendend configuration, when handling the configuration
    file with debconf is disabled.
  * Disable clamav-daemon.socket in prerm script.

  [ Sebastian Andrzej Siewior ]
  * Import new upstream:
    - Improvements to PDF processing: decryption, escape sequence
      handling, and file property collection.
    - Scanning/analysis of additional Microsoft Office 2003 XML format.
    - Fix infinite loop condition on crafted y0da cryptor file. Identified
      and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
    - Fix crash on crafted petite packed file. Reported and patch
      supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
    - Fix false negatives on files within iso9660 containers. This issue
      was reported by Minzhuan Gong.
    - Fix a couple crashes on crafted upack packed file. Identified and
      patches supplied by Sebastian Andrzej Siewior.
    - Fix a crash during algorithmic detection on crafted PE file.
      Identified and patch supplied by Sebastian Andrzej Siewior.
    - Fix an infinite loop condition on a crafted "xz" archive file.
      This was reported by Dimitri Kirchner and Goulven Guiheux.
      CVE-2015-2668.
    - Fix compilation error after ./configure --disable-pthreads.
      Reported and fix suggested by John E. Krokes.
    - Apply upstream patch for possible heap overflow in Henry Spencer's
      regex library. CVE-2015-2305 (Closes: #778406).
    - Fix crash in upx decoder with crafted file. Discovered and patch
      supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
    - Fix segfault scanning certain HTML files. Reported with sample by
      Kai Risku.
    - Improve detections within xar/pkg files.
  * update GPG key used to verify releases to get uscan/get_orig.sh working
    again.
  * update symbol version for cl_retflevel due to CL_FLEVEL change.

 -- Scott Kitterman <email address hidden>  Fri, 01 May 2015 22:45:55 -0400

Upload details

Uploaded by:
ClamAV Team
Uploaded to:
Sid
Original maintainer:
ClamAV Team
Architectures:
any all
Section:
utils
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
clamav_0.98.7+dfsg-1.dsc 3.0 KiB 30ea134e3f4e03a2f0335c026a29ab9f57f733cd4863597d1d985cdc40e98086
clamav_0.98.7+dfsg.orig.tar.xz 7.9 MiB 3a153ccdde90702dc175bd251784b66f09431b517da4ca8c99407ecd3e295fa5
clamav_0.98.7+dfsg-1.debian.tar.xz 236.5 KiB 993a5be4ac798cb6a4beb7bc3ca481c3dc1b22b4918116834e9618dbd7e8e094

No changes file available.

Binary packages built by this source