-
clamav (0.103.8+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.103.8 to fix security issues.
- debian/rules: bump CL_FLEVEL to 129.
- debian/libclamav9.symbols: updated CLAMAV_PRIVATE symbols to new
version.
- CVE-2023-20032, CVE-2023-20052
-- David Fernandez Gonzalez <email address hidden> Mon, 20 Feb 2023 16:07:28 +0100
-
clamav (0.103.6+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.103.6 to fix security issues.
- Drop debian/patches/Fix-ck_assert_msg-call.patch, included in new
version
- debian/rules: bump CL_FLEVEL to 127.
- debian/libclamav9.symbols: updated CLAMAV_PRIVATE symbols to new
version.
- CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,
CVE-2022-20796
-- Marc Deslauriers <email address hidden> Thu, 12 May 2022 12:40:40 -0400
-
clamav (0.103.5+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.103.5 to fix security issue.
- Sync most of packaging with 0.103.5+dfsg-1.
- CVE-2022-20698
-- Marc Deslauriers <email address hidden> Mon, 17 Jan 2022 08:50:58 -0500
-
clamav (0.103.2+dfsg-0ubuntu0.18.04.3) bionic; urgency=medium
* Deploy apparmor profile before first start of freshclam daemon.
- d/control: Add dh-apparmor as a build dependency
- d/rules: Add dh install override to deploy apparmor profiles
- d/clamav-daemon.postinst.in: Remove old apparmor profile deployment
- d/clamav-freshclam.postinst.in: Remove old apparmor profile deployment
Thanks to Sebastian Andrzej Siewior <email address hidden>.
(LP: #1925182)
-- Lena Voytek <email address hidden> Mon, 29 Nov 2021 10:13:20 -0700
-
clamav (0.103.2+dfsg-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY REGRESSION: clamdscan - MULTISCAN parameter causes
Segmentation fault.
(LP: #1926300)
- debian/patches/lp_1926300_multiscan_param_segfault.patch: fix
--fdpass -m & ExcludePath crash in clamd/scanner.c,
libclamav/others.h, libclamav/others_common.c,
unit_tests/check_clamd.c.
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 29 Apr 2021 08:33:37 -0300
-
clamav (0.103.2+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.103.2 to fix security issues.
- Sync most of packaging with 0.103.2+dfsg-1.
- CVE-2021-1252, CVE-2021-1404, CVE-2021-1405
-- Marc Deslauriers <email address hidden> Thu, 15 Apr 2021 12:48:39 -0400
-
clamav (0.102.4+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to 0.102.2 to fix security issues
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 115.
- CVE-2020-3327
- CVE-2020-3350
- CVE-2020-3481
-- Marc Deslauriers <email address hidden> Thu, 23 Jul 2020 09:08:18 -0400
-
clamav (0.102.3+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to 0.102.2 to fix security issues
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 114.
- CVE-2020-3327
- CVE-2020-3341
-- Marc Deslauriers <email address hidden> Tue, 19 May 2020 14:24:37 -0400
-
clamav (0.102.2+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to 0.102.2 to fix security issue (CVE-2020-3123)
- debian/patches/*: synced patches with 0.102.2+dfsg-1.
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 113.
-- Marc Deslauriers <email address hidden> Tue, 11 Feb 2020 08:45:45 -0500
-
clamav (0.102.1+dfsg-0ubuntu0.18.04.3) bionic; urgency=medium
* d/clamav-daemon.config.in: Correct error from ScanOnAccess option
removal so that setting LogFile options via DebConf works again
(Closes: #950296) (LP: #1860217)
-- Eric Desrochers <email address hidden> Thu, 06 Feb 2020 20:36:06 +0000
-
clamav (0.102.1+dfsg-0ubuntu0.18.04.2) bionic-security; urgency=medium
* Updated to 0.102.1 to fix security issue (CVE-2019-15961)
- debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
- debian/clamav-daemon.*.in,clamav-freshclam.*.in,
clamav-daemon.templates: added new configuration options, dropped
ClamOnAccess.
- debian/clamav-deamon.install: install new clamonacc binary.
- debian/clamav-docs.*: removed missing docs.
- debian/libclamav9.install: added libfreshclam.so.2.
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 112.
-- Marc Deslauriers <email address hidden> Tue, 07 Jan 2020 10:53:05 -0500
-
clamav (0.101.4+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.101.4 to fix security issues.
- debian/patches/*: sync patches with 0.101.4+dfsg-1ubuntu1.
- debian/clamav-daemon.postinst.in: removed DetectBrokenExecutables,
added MaxScanTime, HeuristicAlerts, Alert*.
- debian/*: updated for new library version.
- debian/libclamav9.symbols: updated for new version.
- debian/clamav-docs*, debian/rules: fix doc file locations.
- debian/libclam-dev.install: include new header file.
- CVE-2019-12625
- CVE-2019-12900
-- Marc Deslauriers <email address hidden> Tue, 24 Sep 2019 05:31:17 -0400
-
clamav (0.100.3+dfsg-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.100.3 to fix security issues. (LP: #1822503)
- debian/libclamav7.symbols: updated to new version.
- CVE-2019-1787
- CVE-2019-1788
- CVE-2019-1789
-- Marc Deslauriers <email address hidden> Thu, 04 Apr 2019 09:25:12 -0400
-
clamav (0.100.2+dfsg-1ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to version 0.100.2 to fix security issue.
- CVE-2018-15378
* Bump to new symbol version
- debian/rules: set CL_FLEVEL 93.
- debian/libclamav7.symbols: updated to new version.
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2018 13:25:28 -0400
-
clamav (0.100.1+dfsg-1ubuntu0.18.04.3) bionic-security; urgency=medium
* debian/clamav-daemon.config.in: fix infinite loop during
dpkg-reconfigure (LP: #1792051)
-- Marc Deslauriers <email address hidden> Thu, 13 Sep 2018 13:59:22 -0400
-
clamav (0.100.1+dfsg-1ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY REGRESSION: clamav-daemon fails to start due to options
removed in new version and manually edited configuration file.
(LP: #1783632)
- debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
add patch from Debian stretch to simply warn about removed options.
-- Marc Deslauriers <email address hidden> Thu, 26 Jul 2018 10:24:27 -0400
-
clamav (0.100.1+dfsg-1ubuntu0.18.04.1) bionic-security; urgency=medium
* Rebuild as security update for 18.04 to fix multiple issues
- CVE-2018-0360
- CVE-2018-0361
* Re-enable LLVM support:
- debian/control: add llvm-3.9-dev to BuildDepends.
- debian/rules: add llvm back.
* debian/clamav-daemon.postinst.in: updated version to drop support for
clamav-daemon.socket.
-- Marc Deslauriers <email address hidden> Thu, 19 Jul 2018 08:07:50 -0400
-
clamav (0.99.4+addedllvm-0ubuntu1) bionic; urgency=medium
* Updated to 0.99.4 to fix multiple security issues
- CVE-2018-0202
- CVE-2018-1000085
* Removed patches no longer required
- bb11549-fix-temp-file-cleanup-issue.patch
* debian/libclamav7.symbols,debian/rules: bumped cl_retflevel.
-- Marc Deslauriers <email address hidden> Wed, 07 Mar 2018 12:07:58 +0100
-
clamav (0.99.3+addedllvm-0ubuntu2) bionic; urgency=medium
* No-change rebuild against libcurl4
-- Steve Langasek <email address hidden> Wed, 28 Feb 2018 06:47:33 +0000
-
clamav (0.99.3+addedllvm-0ubuntu1) bionic; urgency=medium
* Updated to final 0.99.3 release. Previous beta release was based on the
dev tree, but 0.99.3 ended up being a security update to 0.99.2, so
some changes and functionality is reverted with this upload.
- Add back patches still needed with final 0.99.3:
+ Allow-M-suffix-for-PCREMaxFileSize.patch
+ bb11549-fix-temp-file-cleanup-issue.patch
+ drop-AllowSupplementaryGroups-option-and-make-it-def.patch
+ fix-ssize_t-size_t-off_t-printf-modifier.patch
+ libclamav-use-libmspack.patch
- debian/clamav-daemon.postinst.in: remove new options.
- debian/libclamav7.symbols: updated for 0.99.3.
- debian/libclamav7.symbols,debian/rules: bumped cl_retflevel.
- debian/rules: remove --with-system-libmspack.
- debian/patches/*: refreshed.
-- Marc Deslauriers <email address hidden> Tue, 13 Feb 2018 08:18:35 -0500
-
clamav (0.99.3~beta1+dfsg-2ubuntu2) bionic; urgency=high
* No change rebuild against openssl1.1.
-- Dimitri John Ledkov <email address hidden> Tue, 06 Feb 2018 12:41:32 +0000
-
clamav (0.99.3~beta1+dfsg-2ubuntu1) bionic; urgency=medium
* Merge with Debian unstable (LP: #1732439). Remaining changes:
- Fix build by forcing llvm 3.9
(testsuite seems to be failing)
- debian/patches/fix_newer_zlib.patch: fix compatibility with zlib
1.2.9 and newer (LP #1692073).
[DEP3 header updated to indicate it was incorporated upstream]
* Drop:
* debian/patches/zlib-check.patch:
+ cherry-pick upstream fix for wrong zlib version check
[Fixed upstream]
- SECURITY UPDATE: DoS via crafted e-mail message
+ debian/patches/CVE-2017-6418.patch: fix invalid read in
libclamav/message.c.
+ CVE-2017-6418
[Fixed upstream]
- SECURITY UPDATE: DoS via WWPack compression
+ debian/patches/CVE-2017-6420.patch: add bounds checks to
libclamav/wwunpack.c.
+ debian/patches/CVE-2017-6420-2.patch: fix unit tests in
libclamav/wwunpack.c, unit_tests/check_jsnorm.c.
+ CVE-2017-6420
[Fixed upstream]
clamav (0.99.3~beta1+dfsg-2) unstable; urgency=medium
* Build again against system's libmspack (dropped by accident)
(Closes: #872594).
* Don't replace config file with sample config after debconf gets disabled
(in milter and daemon (Closes: #870253).
* Update standards to 4.0.1
- use invoke-rc.d instead of /etc/init.d.
- drop priority extra from clamav-milter.
* Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
by Václav Ovsík <email address hidden> (Closes: #868766).
clamav (0.99.3~beta1+dfsg-1) unstable; urgency=medium
* Upload to unstable
* update to official beta1 release:
- drop fts-no-use-AC_TRY_RUN.patch, applied upstream.
clamav (0.99.3~snapshot20170704+dfsg-1) experimental; urgency=medium
* Update to upstream snapshot (commit
144ef69462427b63a650294257c892b047601aac):
- add config options
- boost symbol file
- drop applied patches:
- Allow-M-suffix-for-PCREMaxFileSize.patch
- bb11549-fix-temp-file-cleanup-issue.patch
- clamav_add_private_fts_implementation.patch
- drop-AllowSupplementaryGroups-option-and-make-it-def.patch
- fix-ssize_t-size_t-off_t-printf-modifier.patch
- libclamav-use-libmspack.patch
- make_it_compile_against_openssl_1_1_0.patch
- add new ones:
- fts-no-use-AC_TRY_RUN.patch
- clamsubmit-add-JSON-libs-to-clamsubmit.patch
-- Andreas Hasenack <email address hidden> Wed, 22 Nov 2017 19:56:26 -0200
-
clamav (0.99.2+dfsg-6ubuntu2) artful; urgency=medium
* SECURITY UPDATE: DoS via crafted e-mail message
- debian/patches/CVE-2017-6418.patch: fix invalid read in
libclamav/message.c.
- CVE-2017-6418
* SECURITY UPDATE: DoS via WWPack compression
- debian/patches/CVE-2017-6420.patch: add bounds checks to
libclamav/wwunpack.c.
- debian/patches/CVE-2017-6420-2.patch: fix unit tests in
libclamav/wwunpack.c, unit_tests/check_jsnorm.c.
- CVE-2017-6420
* debian/patches/fix_newer_zlib.patch: fix compatibility with zlib
1.2.9 and newer (LP: #1692073).
-- Marc Deslauriers <email address hidden> Tue, 15 Aug 2017 16:04:46 -0400