Path to this page:
Subject: CVS commit: [pkgsrc-2021Q4] pkgsrc/security/clamav
From: Benny Siegert
Date: 2022-01-21 16:49:19
Message id: 20220121154919.41352FB24@cvs.NetBSD.org
Log Message:
Pullup ticket #6571 - requested by taca
security/clamav: security fix
Revisions pulled up:
- security/clamav/Makefile 1.82
- security/clamav/Makefile.common 1.22
- security/clamav/distinfo 1.41
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 13 15:28:22 UTC 2022
Modified Files:
pkgsrc/security/clamav: Makefile Makefile.common distinfo
Log Message:
security/clamav: update to 0.103.5
0.103.5 (2022-01-12)
ClamAV 0.103.5 is a critical patch release with the following fixes:
* \
CVE-2022-20698<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698>:
Fix for invalid pointer read that may cause a crash. This issue affects
0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json
option) is enabled.
Cisco would like to thank Laurent Delosieres of ManoMano for reporting
this vulnerability.
* Fixed ability to disable the file size limit with libclamav C API, like
this:
cl_engine_set_num(engine, CL_ENGINE_MAX_FILESIZE, 0);
This issue didn't affect ClamD or ClamScan which also can disable the
limit by setting it to zero using MaxFileSize 0 in clamd.conf for ClamD,
or clamscan --max-filesize=0 for ClamScan.
Note: Internally, the max file size is still set to 2 GiB. Disabling the
limit for a scan will fall back on the internal 2 GiB limitation.
* Increased the maximum line length for ClamAV config files from 512 bytes
to 1,024 bytes to allow for longer config option strings.
* SigTool: Fix insufficient buffer size for --list-sigs that caused a
failure when listing a database containing one or more very long
signatures. This fix was backported from 0.104.
Special thanks to the following for code contributions and bug reports:
* Laurent Delosieres
Files: