Your message dated Sat, 22 Feb 2020 19:32:37 +0000
with message-id <[email protected]>
and subject line Bug#950944: fixed in clamav 0.102.2+dfsg-0~deb9u1
has caused the Debian Bug report #950944,
regarding clamav: Vulnerability in the Data-Loss-Prevention (DLP) module
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
950944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950944
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clamav
Version: 0.102.1+dfsg-0+deb10u2
Severity: important
Tags: upstream

CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus
(ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated,
remote attacker to cause a denial of service condition on an affected device.
The vulnerability is due to an out-of-bounds read affecting users that have
enabled the optional DLP feature. An attacker could exploit this vulnerability
by sending a crafted email file to an affected device. An exploit could allow
the attacker to cause the ClamAV scanning process to crash, resulting in a denial
of service condition.

Fixed in 0.102.2.

--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.102.2+dfsg-0~deb9u1
Done: Sebastian Andrzej Siewior <[email protected]>

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <[email protected]> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Feb 2020 14:43:26 +0100
Source: clamav
Architecture: source
Version: 0.102.2+dfsg-0~deb9u1
Distribution: stretch
Urgency: medium
Maintainer: ClamAV Team <[email protected]>
Changed-By: Sebastian Andrzej Siewior <[email protected]>
Closes: 950944 951057
Changes:
 clamav (0.102.2+dfsg-0~deb9u1) stretch; urgency=medium
 .
   * Import 0.102.2
     - CVE-2020-3123 (DoS may occur in the optional DLP feature)
       (Closes: 950944).
   * Update symbol file.
   * Set ReceiveTimeout to 0 which is upstream default.
   * Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
     to set the CA bundle (like curl does) (Closes: #951057).
   * Recommend ca-certificates, new freshclam uses https by default.

--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel
