Public bug reported: Upstream: tbd Debian: 1.4.1+dfsg-1 Ubuntu: 1.3.1+dfsg-5ubuntu2
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Jammy Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### clamav (1.4.1+dfsg-1) unstable; urgency=medium * Import 1.4.1 (Closes: #1080962) - CVE-2024-20506 (Changed the logging module to disable following symlinks on Linux) - CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file parser). -- Sebastian Andrzej Siewior <[email protected]> Thu, 03 Oct 2024 10:51:50 +0200 clamav (1.3.1+dfsg-5) unstable; urgency=medium * Update expired certs (Closes: #1078274). -- Sebastian Andrzej Siewior <[email protected]> Tue, 27 Aug 2024 22:55:37 +0200 clamav (1.3.1+dfsg-4) unstable; urgency=medium * Move files from lib to usr/lib (Closes: #1073612). * Apply patch against unaligned access. Credits to Vladimir Petko and Gianfranco Costamagna (Closes: #1073128). -- Sebastian Andrzej Siewior <[email protected]> Fri, 28 Jun 2024 20:23:21 +0200 clamav (1.3.1+dfsg-3) unstable; urgency=medium * Upload to unstable. -- Sebastian Andrzej Siewior <[email protected]> Tue, 04 Jun 2024 23:15:26 +0200 clamav (1.3.1+dfsg-2) experimental; urgency=medium * Revert the t64 suffix (Closes: #1071232). -- Sebastian Andrzej Siewior <[email protected]> Thu, 30 May 2024 17:30:21 +0200 clamav (1.3.1+dfsg-1) experimental; urgency=medium * Import 1.3.1 * Add systemd-dev to Build-Depends (Closes: #1060559). * Mark clamav-base as foreign (Closes: #1060889). * Bump standards-version to 4.7.0 without changes. -- Sebastian Andrzej Siewior <[email protected]> Sun, 05 May 2024 13:04:51 +0200 clamav (1.2.1+dfsg-3) experimental; urgency=medium * Add proper Breaks/Replaces for the docs vs clamav. Rightfully reported by Andreas Beckmann (Closes: #1055494). * Update Swedish translation. Updated by Martin Bagge and Anders Jonsson (Closes: #1062665). * Rename libraries for 64-bit time_t transition. Based on NMU from Steve Langasek (Closes: #1062072). -- Sebastian Andrzej Siewior <[email protected]> Sat, 03 Feb 2024 12:27:16 +0100 clamav (1.2.1+dfsg-2) experimental; urgency=medium * Drop the PE patches, an alternative patch went upstream. * Add proper Breaks/Replaces for the docs transitional packages. Rightfully reported by Andreas Beckmann (Closes: #1055494). -- Sebastian Andrzej Siewior <[email protected]> Tue, 07 Nov 2023 22:03:07 +0100 clamav (1.2.1+dfsg-1) experimental; urgency=medium * Import 1.2.1 * Add libclamav12 after so bump. * Move documentation to clamav-doc. -- Sebastian Andrzej Siewior <[email protected]> Sun, 05 Nov 2023 21:29:59 +0100 clamav (1.0.3+dfsg-2) unstable; urgency=medium * Remove unnecessary warning messages in freshclam during update. -- Sebastian Andrzej Siewior <[email protected]> Sat, 09 Sep 2023 12:49:40 +0200 clamav (1.0.3+dfsg-1) unstable; urgency=medium * Import 1.0.3 -- Sebastian Andrzej Siewior <[email protected]> Sat, 09 Sep 2023 10:18:34 +0200 clamav (1.0.2+dfsg-1) unstable; urgency=medium * Import 1.0.2 (Closes: #1050057) - CVE-2023-20197 (Possible DoS in HFS+ file parser). - CVE-2023-20212 (Possible DoS in AutoIt file parser). * Use cmake for xml2 detection (Closes: #949100). * Replace tomsfastmath with OpenSSL's BN. * Don't enable clamonacc by default (Closes: #1030171). * Let the clamav-daemon.socket depend on the service file again (Closes: #1044136). -- Sebastian Andrzej Siewior <[email protected]> Sat, 19 Aug 2023 19:07:32 +0200 clamav (1.0.1+dfsg-2) unstable; urgency=medium * Depend on latest libtfm1 (Closes: #1031896, #1027010). ### Old Ubuntu Delta ### clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium * SECURITY UPDATE: out of bounds read in PDF parser - debian/patches/CVE-2024-20505.patch: add more checks to libclamav/pdf.c, libclamav/pdfng.c. - CVE-2024-20505 * SECURITY UPDATE: file overwrite via log file symlinks - debian/patches/CVE-2024-20506.patch: disable following symlinks when opening log files in common/output.c. - CVE-2024-20506 -- Marc Deslauriers <[email protected]> Mon, 16 Sep 2024 11:22:38 -0400 clamav (1.3.1+dfsg-5ubuntu1) oracular; urgency=medium * Merge from Debian unstable. Remaining changes: - clamav-base.postinst.in: Quell warning from check for clamav user (LP #1920217). - Extend ifupdown script to support networkd-dispatcher. + d/clamav-freshclam-ifupdown: Modernize some parts of the script. Implement support for networkd-dispatcher. + d/clamav-freshclam.links: Install the clamav-freshclam-ifupdown script inside the proper /usr/lib/networkd-dispatcher/{off,routable}.d/ directories. (LP #1718227) - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not recognize the 'None' type specified by dh-cmake. - d/patches: add a patch to make the build system respect the rustflags (LP: #2071663). -- Gianfranco Costamagna <[email protected]> Wed, 11 Sep 2024 15:48:20 +0200 ** Affects: clamav (Ubuntu) Importance: Undecided Status: New ** Tags: bite-size needs-merge upgrade-software-version ** Changed in: clamav (Ubuntu) Milestone: None => ubuntu-25.01 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2085222 Title: Merge clamav from Debian unstable for jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2085222/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
