Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-14 Thread Joel Esler (jesler) via clamav-users
I understand the request. The new key is signed with the old key already. > On Apr 14, 2021, at 9:42 AM, Andrew C Aitchison > wrote: > > > Joel, > > You can add a direct link to the PGP key now as this is completely independant > of the released packages. > > Better yet would be to > 1)

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-14 Thread Andrew C Aitchison via clamav-users
Joel, You can add a direct link to the PGP key now as this is completely independant of the released packages. Better yet would be to 1) Sign the new key with the old one (which doesn't actually expire until Monday) 2) Get other (public domain) software people to sign your key. This assumes

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-10 Thread Joel Esler (jesler) via clamav-users
Thanks for pointing that out. We’ve corrected it with mitre, but obviously, we can’t correct the news.md for now. — Sent from my  iPad > On Apr 10, 2021, at 08:14, Sergey wrote: > > On Wednesday 07 April 2021, Joel Esler (jesler) via clamav-users wrote: > >> CVE-2021-1404: Fix for PDF

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-10 Thread Sergey
On Wednesday 07 April 2021, Joel Esler (jesler) via clamav-users wrote: > CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. Affects > 0.103.0 and 0.103.1 only. > > CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects 0.103.1 > and prior. I seems you got the

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-07 Thread Joel Esler (jesler) via clamav-users
We’ll look into that for a future update. Sent from my  iPhone > On Apr 7, 2021, at 16:58, Arjen de Korte via clamav-users > wrote: > > Citeren "Joel Esler (jesler) via clamav-users" > : > >> It’s available on the webpage. > > I already wrote that I know it is available from the

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-07 Thread Arjen de Korte via clamav-users
Citeren "Joel Esler (jesler) via clamav-users" : It’s available on the webpage. I already wrote that I know it is available from the website. I need to update the stored keyring in openSUSE Factory, which needs a backlink to the origin. Rather than downloading

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-07 Thread Joel Esler (jesler) via clamav-users
It’s available on the webpage. > On Apr 7, 2021, at 4:29 PM, Arjen de Korte via clamav-users > wrote: > > Citeren "Joel Esler (jesler) via clamav-users" > : > > It seems the package is now signed with a different PGP key. Is there a > location from where I can directly download the public

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-07 Thread Arjen de Korte via clamav-users
Citeren "Joel Esler (jesler) via clamav-users" : It seems the package is now signed with a different PGP key. Is there a location from where I can directly download the public key, rather than copying it from the webpage? Best regards, Arjen

[clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

2021-04-07 Thread Joel Esler (jesler) via clamav-users
> > https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html > > > ClamAV 0.103.2 security patch release > > Wednesday, April 7, 2021 > > <>ClamAV 0.103.2 is out now. Users can head over to