pkgsrc.se | The NetBSD package collection

./security/clamav, Anti-virus toolkit

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2020Q1, Version: 0.102.2nb1, Package name: clamav-0.102.2nb1, Maintainer: pkgsrc-users

Clam AntiVirus is an anti-virus toolkit written from scratch. It is licensed
under GNU GPL2 and uses the virus database from OpenAntiVirus, which is an
another free anti-virus project. In contrast to OpenAntiVirus (which is written
in Java), Clam AntiVirus is written entirely in C and its database is KEPT UP
TO DATE. It also detects polymorphic viruses as well.

DEINSTALL [+/-]

Required to run:
[devel/gmp] [devel/libltdl] [devel/pcre2] [archivers/libmspack] [www/curl]

Master sites:

http://www.clamav.net/downloads/production/ (Download)

SHA1: 9adabeac41736770aa22ae1ee1f8aba9e253cfaa
RMD160: a1ef9999257f02ca55abc8da73b4456e0f02ec80
Filesize: 12917.518 KB

Version history: (Expand)

(2020-04-20) Package added to pkgsrc.se, version clamav-0.102.2nb1 (created)

CVS history: (Expand)

2020-05-15 18:38:25 by Benny Siegert | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #6195 - requested by taca
security/clamav: security fix

Revisions pulled up:
- security/clamav/Makefile                                      1.64-1.65
- security/clamav/Makefile.common                               1.16
- security/clamav/distinfo                                      1.33

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed May  6 14:05:09 UTC 2020

   Modified Files:
   	pkgsrc/security/clamav: Makefile

   Log message:
   revbump after boost update

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed May 13 14:58:58 UTC 2020

   Modified Files:
   	pkgsrc/security/clamav: Makefile Makefile.common distinfo

   Log message:
   security/clamav: update to 0.102.3

   Update clamav to 0.102.3.

   ## 0.102.3

   ClamAV 0.102.3 is a bug patch release to address the following issues.

   - [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
     Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
     could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
     an unsigned variable results in an out-of-bounds read which causes a crash.

     Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
     parsing vulnerability.

   - [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
     Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
     could cause a Denial-of-Service (DoS) condition. Improper size checking of
     a buffer used to initialize AES decryption routines results in an out-of-
     bounds read which may cause a crash. Bug found by OSS-Fuzz.

   - Fix "Attempt to allocate 0 bytes" error when parsing some PDF \ 
documents.

   - Fix a couple of minor memory leaks.

   - Updated libclamunrar to UnRAR 5.9.2.