Hello community,

here is the log from the commit of package clamav for openSUSE:Factory checked in at 2022-05-06 18:59:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
 and      /work/SRC/openSUSE:Factory/.clamav.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clamav" Fri May 6 18:59:55 2022 rev:118 rq:975373 version:0.103.6 Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2022-04-20 16:57:13.598617255 +0200 +++ /work/SRC/openSUSE:Factory/.clamav.new.1538/clamav.changes 2022-05-06 19:00:19.669421367 +0200 
@@ -1,0 +2,34 @@ +Thu May 5 15:50:42 UTC 2022 - Arjen de Korte <suse+bu...@de-korte.org> + +- Update to 0.103.6 + * CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM + file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS + version 0.103.5 and prior versions. (boo#1199242) + * CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the + scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, + 0.104.1, and 0.104.2. (boo#1199246) + * CVE-2022-20771: Fixed a possible infinite loop vulnerability in the + TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and + LTS version 0.103.5 and prior versions. The issue only occurs if the + "--alert-broken-media" ClamScan option is enabled. For ClamD, the + affected option is "AlertBrokenMedia yes", and for libclamav it is the + "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. (boo#1199244) + * CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / + Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 + and LTS version 0.103.5 and prior versions. (boo#1199245) + * CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write + vulnerability in the signature database load module. The fix was to + update the vendored regex library to the latest version. Issue affects + versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior + versions. (boo#1199274) + * ClamOnAcc: Fixed a number of assorted stability issues and added + niceties for debugging ClamOnAcc. + * Fixed an issue causing byte-compare subsignatures to cause an alert + when they match even if other conditions of the given logical + signatures were not met. + * Fix memleak when using multiple byte-compare subsignatures. This fix + was backported from 0.104.0. + * Assorted bug fixes and improvements. 
+- Remove upstreamed clamav-ck_assert_msg.patch + +------------------------------------------------------------------- Old: ---- clamav-0.103.5.tar.gz clamav-0.103.5.tar.gz.sig clamav-ck_assert_msg.patch New: ---- clamav-0.103.6.tar.gz clamav-0.103.6.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.pLXLEN/_old 2022-05-06 19:00:20.549422329 +0200 +++ /var/tmp/diff_new_pack.pLXLEN/_new 2022-05-06 19:00:20.557422338 +0200 @@ -19,7 +19,7 @@ %bcond_with clammspack %bcond_with valgrind Name: clamav -Version: 0.103.5 +Version: 0.103.6 Release: 0 Summary: Antivirus Toolkit License: GPL-2.0-only @@ -39,7 +39,6 @@ Patch5: clamav-obsolete-config.patch Patch6: clamav-disable-yara.patch Patch12: clamav-fips.patch -Patch13: clamav-ck_assert_msg.patch Patch14: clamav-document-maxsize.patch BuildRequires: autoconf @@ -148,7 +147,6 @@ %patch5 %patch6 %patch12 -%patch13 -p1 %patch14 -p1 %build ++++++ clamav-0.103.5.tar.gz -> clamav-0.103.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.103.5.tar.gz /work/SRC/openSUSE:Factory/.clamav.new.1538/clamav-0.103.6.tar.gz differ: char 5, line 1
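Review bot: In the clamav.changes hunk (@@ -1,0 +2,34 @@), the closing entry "- Remove upstreamed clamav-ck_assert_msg.patch" does not say what the patch addressed, so a later reader has to open the deleted file to confirm the removal is safe. A short parenthetical on that line naming the problem the patch fixed would close that gap. The five CVE entries each carry their boo# reference and need no change.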
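Review bot: The tarball section at the end of the diff shows only "differ: char 5, line 1", so none of the five CVE fixes listed in clamav.changes can be checked from this mail. The New file list replaces clamav-0.103.5.tar.gz.sig with clamav-0.103.6.tar.gz.sig; the request should state that the new signature was verified against the upstream signing key, because the tarball is the part of this update that carries the security fixes.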