Public bug reported: Scheduled-For: ubuntu-25.11 Ubuntu: 1.4.3+dfsg-0ubuntu2 Debian Unstable: 1.4.3+dfsg-1
The current version in Ubuntu went ahead of Debian in the past, so this package may be diverged from Debian and require more review than usual to get back to mergeability. If this package should not be considered for merges or syncs in the future, you may wish to consider adding it to the `sync-blocklist` at: https://code.launchpad.net/~ubuntu-archive/+git/sync-blocklist A new release of clamav is available for merging from Debian Unstable. If it turns out this needs a sync rather than a merge, please change the tagging from ['needs-merge', 'upgrade-software-version'] to ['needs- sync', 'upgrade-software-version'], and (optionally) update the title as desired. ### New Debian Changes ### clamav (1.4.3+dfsg-1) unstable; urgency=medium * Import 1.4.3 - CVE-2025-20234 (Fixed a possible buffer overflow read bug in the UDF file parser that may write to a temp file and thus disclose information, or it may crash and cause a denial-of-service (DoS) condition.) Closes: #1108045 - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution.) Closes: #1108046 -- Sebastian Andrzej Siewior <[email protected]> Sun, 29 Jun 2025 12:01:31 +0200 ### Old Ubuntu Delta ### clamav (1.4.3+dfsg-0ubuntu2) questing; urgency=medium * Rebuild to include updated RISC-V base ISA RVA23 -- Heinrich Schuchardt <[email protected]> Wed, 03 Sep 2025 15:09:08 +0000 clamav (1.4.3+dfsg-0ubuntu1) questing; urgency=medium * Updated to version 1.4.3 to fix security issue. - debian/rules: bump CL_FLEVEL to 213. - debian/libclamav12.symbols: updated CLAMAV_PRIVATE and cl_retflevel symbols to new version. - CVE-2025-20234 - CVE-2025-20260 -- Marc Deslauriers <[email protected]> Wed, 25 Jun 2025 12:39:40 -0400 clamav (1.4.2+dfsg-1ubuntu1) questing; urgency=medium * Merge with Debian unstable. Remaining changes: - clamav-base.postinst.in: Quell warning from check for clamav user (LP #1920217). - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not recognize the "None" type specified by dh-cmake. (LP #2071663) - Extend ifupdown script to support networkd-dispatcher. + d/clamav-freshclam-ifupdown: Modernize some parts of the script. Implement support for networkd-dispatcher. + d/clamav-freshclam.links: Install the clamav-freshclam-ifupdown script inside the proper /usr/lib/networkd-dispatcher/{off,routable}.d/ directories. (LP #1718227) - debian/po: update translations * Dropped: - Updated to version 1.4.2 to fix security issue. + debian/rules: bump CL_FLEVEL to 212. + debian/libclamav12.symbols: updated CLAMAV_PRIVATE and cl_retflevel symbols to new version. + CVE-2025-20128 [Debian now carries 1.4.2] -- Bryce Harrington <[email protected]> Fri, 13 Jun 2025 01:02:43 -0700 ** Affects: clamav (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2125999 Title: Merge clamav from Debian Unstable for r-series To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2125999/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
