Public bug reported:

Upstream: tbd
Debian:   1.4.1+dfsg-1    
Ubuntu:   1.3.1+dfsg-5ubuntu2


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the Jammy Release Notes:
https://discourse.ubuntu.com/c/release/38


### New Debian Changes ###

clamav (1.4.1+dfsg-1) unstable; urgency=medium

  * Import 1.4.1 (Closes: #1080962)
    - CVE-2024-20506 (Changed the logging module to disable following symlinks
      on Linux)
    - CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
      parser).

 -- Sebastian Andrzej Siewior <[email protected]>  Thu, 03 Oct
2024 10:51:50 +0200

clamav (1.3.1+dfsg-5) unstable; urgency=medium

  * Update expired certs (Closes: #1078274).

 -- Sebastian Andrzej Siewior <[email protected]>  Tue, 27 Aug
2024 22:55:37 +0200

clamav (1.3.1+dfsg-4) unstable; urgency=medium

  * Move files from lib to usr/lib (Closes: #1073612).
  * Apply patch against unaligned access. Credits to Vladimir Petko and
    Gianfranco Costamagna (Closes: #1073128).

 -- Sebastian Andrzej Siewior <[email protected]>  Fri, 28 Jun
2024 20:23:21 +0200

clamav (1.3.1+dfsg-3) unstable; urgency=medium

  * Upload to unstable.

 -- Sebastian Andrzej Siewior <[email protected]>  Tue, 04 Jun
2024 23:15:26 +0200

clamav (1.3.1+dfsg-2) experimental; urgency=medium

  * Revert the t64 suffix (Closes: #1071232).

 -- Sebastian Andrzej Siewior <[email protected]>  Thu, 30 May
2024 17:30:21 +0200

clamav (1.3.1+dfsg-1) experimental; urgency=medium

  * Import 1.3.1
  * Add systemd-dev to Build-Depends (Closes: #1060559).
  * Mark clamav-base as foreign (Closes: #1060889).
  * Bump standards-version to 4.7.0 without changes.

 -- Sebastian Andrzej Siewior <[email protected]>  Sun, 05 May
2024 13:04:51 +0200

clamav (1.2.1+dfsg-3) experimental; urgency=medium

  * Add proper Breaks/Replaces for the docs vs clamav. Rightfully reported by
    Andreas Beckmann (Closes: #1055494).
  * Update Swedish translation. Updated by Martin Bagge and Anders Jonsson
    (Closes: #1062665).
  * Rename libraries for 64-bit time_t transition. Based on NMU from Steve
    Langasek (Closes: #1062072).

 -- Sebastian Andrzej Siewior <[email protected]>  Sat, 03 Feb
2024 12:27:16 +0100

clamav (1.2.1+dfsg-2) experimental; urgency=medium

  * Drop the PE patches, an alternative patch went upstream.
  * Add proper Breaks/Replaces for the docs transitional packages. Rightfully
    reported by Andreas Beckmann (Closes: #1055494).

 -- Sebastian Andrzej Siewior <[email protected]>  Tue, 07 Nov
2023 22:03:07 +0100

clamav (1.2.1+dfsg-1) experimental; urgency=medium

  * Import 1.2.1
  * Add libclamav12 after so bump.
  * Move documentation to clamav-doc.

 -- Sebastian Andrzej Siewior <[email protected]>  Sun, 05 Nov
2023 21:29:59 +0100

clamav (1.0.3+dfsg-2) unstable; urgency=medium

  * Remove unnecessary warning messages in freshclam during update.

 -- Sebastian Andrzej Siewior <[email protected]>  Sat, 09 Sep
2023 12:49:40 +0200

clamav (1.0.3+dfsg-1) unstable; urgency=medium

  * Import 1.0.3

 -- Sebastian Andrzej Siewior <[email protected]>  Sat, 09 Sep
2023 10:18:34 +0200

clamav (1.0.2+dfsg-1) unstable; urgency=medium

  * Import 1.0.2 (Closes: #1050057)
    - CVE-2023-20197 (Possible DoS in HFS+ file parser).
    - CVE-2023-20212 (Possible DoS in AutoIt file parser).
  * Use cmake for xml2 detection (Closes: #949100).
  * Replace tomsfastmath with OpenSSL's BN.
  * Don't enable clamonacc by default (Closes: #1030171).
  * Let the clamav-daemon.socket depend on the service file again
    (Closes: #1044136).

 -- Sebastian Andrzej Siewior <[email protected]>  Sat, 19 Aug
2023 19:07:32 +0200

clamav (1.0.1+dfsg-2) unstable; urgency=medium

  * Depend on latest libtfm1 (Closes: #1031896, #1027010).


### Old Ubuntu Delta ###

clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium

  * SECURITY UPDATE: out of bounds read in PDF parser
    - debian/patches/CVE-2024-20505.patch: add more checks to
      libclamav/pdf.c, libclamav/pdfng.c.
    - CVE-2024-20505
  * SECURITY UPDATE: file overwrite via log file symlinks
    - debian/patches/CVE-2024-20506.patch: disable following symlinks when
      opening log files in common/output.c.
    - CVE-2024-20506

 -- Marc Deslauriers <[email protected]>  Mon, 16 Sep 2024
11:22:38 -0400

clamav (1.3.1+dfsg-5ubuntu1) oracular; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the 'None' type specified by dh-cmake.
    - d/patches: add a patch to make the build system respect the rustflags
      (LP: #2071663).

 -- Gianfranco Costamagna <[email protected]>  Wed, 11 Sep 2024
15:48:20 +0200

** Affects: clamav (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: bite-size needs-merge upgrade-software-version

** Changed in: clamav (Ubuntu)
    Milestone: None => ubuntu-25.01

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085222

Title:
  Merge clamav from Debian unstable for jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2085222/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to