Navigation:
Browse pkgsrc
(this page)
security clamav
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2015-05-24 13:33:38 by Matthias Scheler | Files touched by this commit (3) |  |
Log message:
Pullup ticket #4732 - requested by bouyer
security/clamav: security update
Revisions pulled up:
- security/clamav/Makefile 1.24
- security/clamav/Makefile.common 1.2
- security/clamav/distinfo 1.19
---
Module Name: pkgsrc
Committed By: bouyer
Date: Wed May 20 21:15:26 UTC 2015
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo
Log message:
Update clamav to 0.98.7.
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence
handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified
and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue
was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and
patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file.
Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file.
This was reported by Dimitri Kirchner and Goulven Guiheux.
CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads.
Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's
regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by
Kai Risku.
- Improve detections within xar/pkg files.
|
New packages: