Bug#986790: marked as done (CVE-2021-1405 CVE-2021-1404 CVE-2021-1252)

2021-04-21 Thread Debian Bug Tracking System 
Your message dated Wed, 21 Apr 2021 21:47:08 +
with message-id 
and subject line Bug#986622: fixed in clamav 0.103.2+dfsg-0+deb10u1
has caused the Debian Bug report #986622,
regarding CVE-2021-1405 CVE-2021-1404 CVE-2021-1252
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

Please see 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.103.2+dfsg-0+deb10u1
Done: Sebastian Andrzej Siewior 

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior  (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 14 Apr 2021 08:38:52 +0200
Source: clamav
Architecture: source
Version: 0.103.2+dfsg-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: ClamAV Team 
Changed-By: Sebastian Andrzej Siewior 
Closes: 960843 963853 972974 973619 986622
Changes:
 clamav (0.103.2+dfsg-0+deb10u1) buster; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Import 0.103.2
 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
 - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
 - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
 - Fix testsuite in an IPv6 only environment (Closes: #963853).
 - Update symbol file.
 - Drop CURL_CA_BUNDLE related patch, changes applied upstream.
(Closes: #986622).
   * Rename NEWS.Debian to NEWS.
   * Update lintian overrides.
   * Update apparmor profile for freshclam. Thanks to Michael Borgelt.
 (Closes: #972974)
   * Update apparmor profile for clamd. Thanks to Stefano Callegari.
 (Closes: #973619).
   * Remove deprecated option SafeBrowsing from debconf templates.
 .
   [ Helmut Grohne ]
   * Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)
Checksums-Sha1:
 97ae77d5b851bf714bf531e0b59380aee558f31a 2818 clamav_0.103.2+dfsg-0+deb10u1.dsc
 461ec3a7b45851e31a1cd9a4458473f9b4dc2677 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 b97c89e34d2d19ce3481405573b824bc236ac476 219196 
clamav_0.103.2+dfsg-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 89b3710e3557779a1e44f3c4e0b025485a2f1c646827c7897c6a2828a048948f 2818 
clamav_0.103.2+dfsg-0+deb10u1.dsc
 1f5d08342552f4b011521f44dd25e732dc79531ed2b54db385f8520496026371 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 f0b3a38c9e9d4982268803d3d0a2f9e988f5272ebe1e90791eada811300efa9a 219196 
clamav_0.103.2+dfsg-0+deb10u1.debian.tar.xz
Files:
 e6662a7da2fc99a18844cbbcaf153181 2818 utils optional 
clamav_0.103.2+dfsg-0+deb10u1.dsc
 246d43d86d170e5aad57d512f4b0f6f8 5123788 utils optional 
clamav_0.103.2+dfsg.orig.tar.xz
 bd423c06620b81afa231cec0736066bd 219196 utils optional 
clamav_0.103.2+dfsg-0+deb10u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmCAevoACgkQBWQfF1cS
+lshWQv9HRE7RtIyIy8Jg59jbpB/NbwP3rGVxyZei3ZOqBb6oMz0ZDYnOKl7kG7I
OkrVYhrS0AvNQx7cFKeo45iIzDcw0ziFio3EPApaJsR2WSp3RkLIPEsYzhN9x1bT
qaEdZEHEQS/394s3gEne8X7XhRKBm5ZcZqF+YXcXpRFCwhfcnb1jEQszx0V3jyQH
mwacjW/knXz91GMlUG1laGrkzE+LbMM2DNPhWclxSKzWV5yEG02WQfVvynhJ4x12
U6x7tMFETVnUEi5o8XEmPzv5JcO72tYgvfbSSc1kCH/1rX99z7SNVjRA4fSRdZaz
kz24YU2E2qHX+UaeWX3jOJwviGkWS75W4prJwmZ+ljDOsa14/kWeWfKCTNDBywbk
pXZDJQUYh0T+F/7xPrCZNDtcqHEU7dMj9iHWCjjnUsfKDbtZCBJ7TUDjlftpFArV
3dgB6lfO3QkNTSU3w41+3FXxdOOkfaIDBzVV2fgS0Xi09DSaxwsYNLcvc1BepwHa
OlAvX9KG
=yZXw
-END PGP SIGNATURE End Message ---

Bug#986790: marked as done (CVE-2021-1405 CVE-2021-1404 CVE-2021-1252)

2021-04-12 Thread Debian Bug Tracking System 
Your message dated Mon, 12 Apr 2021 19:48:27 +
with message-id 
and subject line Bug#986622: fixed in clamav 0.103.2+dfsg-1
has caused the Debian Bug report #986622,
regarding CVE-2021-1405 CVE-2021-1404 CVE-2021-1252
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986622: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: clamav
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team 

Please see 
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: clamav
Source-Version: 0.103.2+dfsg-1
Done: Sebastian Andrzej Siewior 

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior  (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 21:31:08 +0200
Source: clamav
Architecture: source
Version: 0.103.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team 
Changed-By: Sebastian Andrzej Siewior 
Closes: 986622
Changes:
 clamav (0.103.2+dfsg-1) unstable; urgency=medium
 .
   * Import 0.103.2
 - CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
 - CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
 - CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
 - Update symbol file.
(Closes: #986622).
Checksums-Sha1:
 ec6abbe689364881025ef8980c3b37015eb996d2 2777 clamav_0.103.2+dfsg-1.dsc
 461ec3a7b45851e31a1cd9a4458473f9b4dc2677 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 2f6896bb20cb32b31edd03dae496e821ac239d06 220248 
clamav_0.103.2+dfsg-1.debian.tar.xz
Checksums-Sha256:
 8754a64602d698ba82d80b673933fb3141ad42e5966ad688b12a3f269a78 2777 
clamav_0.103.2+dfsg-1.dsc
 1f5d08342552f4b011521f44dd25e732dc79531ed2b54db385f8520496026371 5123788 
clamav_0.103.2+dfsg.orig.tar.xz
 9a6827ee763c6734da59277d97514a5a018d307c4976ea5ab44ded6a4479046b 220248 
clamav_0.103.2+dfsg-1.debian.tar.xz
Files:
 6348840ef9cf8b0069d26cb0adf61d93 2777 utils optional clamav_0.103.2+dfsg-1.dsc
 246d43d86d170e5aad57d512f4b0f6f8 5123788 utils optional 
clamav_0.103.2+dfsg.orig.tar.xz
 c1548d055b0400ed1ae6ad769620a568 220248 utils optional 
clamav_0.103.2+dfsg-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmB0oh0ACgkQBWQfF1cS
+lttKQv+OrFkvYOTM0NzFTs7GstLJQNDgcDIIpoCzp7J+EzYqwVL0hiygyjCnEdZ
fJGZkZGDFFpS8QEkJTgAOh9Y4dMSEIxpCHCUiz6YmXVdDA6Yp5flBJ5pxXveZP6O
67QMN6Y7V6Q7EERjZ8G+ZImWG/9beZNfCWHV0qHodf3QstpBC5r78539F/rLgA3B
TJj06Epq7bTwRQ1i63F/HsVUI2I997JrbSqxX1WPqIKqLjh4akFMhZfMPILDfD/i
TkhMCgbbltm5VdpyYIMyPBV9G+rhhamOwcNKkZjNNbLP4WLx4uriwwK/vHelOu8x
L4Jvfvv9Vh16+3JpRKyadJuuJ9wV8EfNXQzKv0Vra9/mdBmBFdUXYWiQFaeqNgvX
NYvOqxKlQnBcwBP14DqMMpVOtewdjBxmHOeXTHM7I4kUfAo+RURMoN7/j/ryw9GC
cuhRsbXxLQwf/zyyFKFqyKr1701l3VXQALWleSqXDsarK8bktHZSzqwYZOlUlDtD
RsyyNYc/
=6Ng6
-END PGP SIGNATURE End Message ---