All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5
@ 2022-01-24 22:10 Fabrice Fontaine
  2022-01-26 22:06 ` Thomas Petazzoni
  2022-01-28 21:12 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-01-24 22:10 UTC (permalink / raw)
  To: buildroot; +Cc: Bernd Kuhls, Fabrice Fontaine

ClamAV 0.103.5 is a critical patch release with the following fix:

 - CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
   Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
   libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
   clamscan --gen-json option) is enabled.

https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/clamav/clamav.hash | 2 +-
 package/clamav/clamav.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/clamav/clamav.hash b/package/clamav/clamav.hash
index d68b04af76..73f4ff88f1 100644
--- a/package/clamav/clamav.hash
+++ b/package/clamav/clamav.hash
@@ -1,5 +1,5 @@
 # Locally calculated
-sha256  def0ad15500fa6aff81d8e68b9f83aa75ee5b607a01335c1d26dbcc959932f85  clamav-0.103.4.tar.gz
+sha256  1e74b1e1d2a8a9056449c313f48a6983b9d5ba0d6fb5ef0b2be6ad3c841a5426  clamav-0.103.5.tar.gz
 sha256  0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584  COPYING
 sha256  d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed  COPYING.bzip2
 sha256  dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6  COPYING.file
diff --git a/package/clamav/clamav.mk b/package/clamav/clamav.mk
index 94b589b975..cd2d06e6b3 100644
--- a/package/clamav/clamav.mk
+++ b/package/clamav/clamav.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CLAMAV_VERSION = 0.103.4
+CLAMAV_VERSION = 0.103.5
 CLAMAV_SITE = https://www.clamav.net/downloads/production
 CLAMAV_LICENSE = GPL-2.0
 CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5
  2022-01-24 22:10 [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5 Fabrice Fontaine
@ 2022-01-26 22:06 ` Thomas Petazzoni
  2022-01-28 21:12 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2022-01-26 22:06 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot

On Mon, 24 Jan 2022 23:10:47 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> ClamAV 0.103.5 is a critical patch release with the following fix:
> 
>  - CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
>    Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
>    libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
>    clamscan --gen-json option) is enabled.
> 
> https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/clamav/clamav.hash | 2 +-
>  package/clamav/clamav.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5
  2022-01-24 22:10 [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5 Fabrice Fontaine
  2022-01-26 22:06 ` Thomas Petazzoni
@ 2022-01-28 21:12 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-01-28 21:12 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > ClamAV 0.103.5 is a critical patch release with the following fix:
 >  - CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
 >    Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
 >    libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
 >    clamscan --gen-json option) is enabled.

 > https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x and 2021.11.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-28 21:12 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-24 22:10 [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5 Fabrice Fontaine
2022-01-26 22:06 ` Thomas Petazzoni
2022-01-28 21:12 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.