This bug was fixed in the package clamav - 1.4.3+dfsg-2ubuntu1
---------------
clamav (1.4.3+dfsg-2ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2125999). Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP 1920217).
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake.
      (LP 2071663)
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script. Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP 1718227)
    - debian/po: update translations
    - d/control: Recommends: networkd-dispatcher (LP 2132159)
  * Added:
    - d/rules, debian/clamav-freshclam.postinst.in : revert manual loading
      of freshclam apparmor profile and go back to using dh_apparmor
  * Dropped:
    - Updated to version 1.4.3 to fix security issue.
    - debian/rules: bump CL_FLEVEL to 213.
    - debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
      cl_retflevel symbols to new version.
    - CVE-2025-20234
    - CVE-2025-20260
      [Debian now carries 1.4.3]

clamav (1.4.3+dfsg-2) unstable; urgency=medium

  [ Pino Toscano ]
  * Make sure to ignore the not installed files on all the architectures.
  * Limit systemd build dependencies as linux-any, as systemd is available only
    on Linux.
  * Simplify handling of Linux-only files by using dh-exec, rather than creating
    install and manpages files during build:
    - add the dh-exec build dependency
    - mark the Linux-only files in install and manpages files
    - simplify debian/rules accordingly
  * Wrap the whole override_dh_installsystemd to run on Linux, rather than only
    the first command in it.

clamav (1.4.3+dfsg-1) unstable; urgency=medium

  * Import 1.4.3
    - CVE-2025-20234 (Fixed a possible buffer overflow read bug in the UDF
      file parser that may write to a temp file and thus disclose information,
      or it may crash and cause a denial-of-service (DoS) condition.)
      Closes: #1108045
    - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the PDF
      file parser that could cause a denial-of-service (DoS) condition or
      enable remote code execution.) Closes: #1108046

 -- Hector Cao <[email protected]>  Thu, 08 Jan 2026 11:22:44 +0100

** Changed in: clamav (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-20234
** CVE added: https://cve.org/CVERecord?id=CVE-2025-20260
https://bugs.launchpad.net/bugs/2125999
Title:
Merge clamav from Debian Unstable for r-series