* [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5
@ 2022-01-24 22:10 Fabrice Fontaine
2022-01-26 22:06 ` Thomas Petazzoni
2022-01-28 21:12 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-01-24 22:10 UTC (permalink / raw)
To: buildroot; +Cc: Bernd Kuhls, Fabrice Fontaine
ClamAV 0.103.5 is a critical patch release with the following fix:
- CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
clamscan --gen-json option) is enabled.
https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/clamav/clamav.hash | 2 +-
package/clamav/clamav.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/clamav/clamav.hash b/package/clamav/clamav.hash
index d68b04af76..73f4ff88f1 100644
--- a/package/clamav/clamav.hash
+++ b/package/clamav/clamav.hash
@@ -1,5 +1,5 @@
# Locally calculated
-sha256 def0ad15500fa6aff81d8e68b9f83aa75ee5b607a01335c1d26dbcc959932f85 clamav-0.103.4.tar.gz
+sha256 1e74b1e1d2a8a9056449c313f48a6983b9d5ba0d6fb5ef0b2be6ad3c841a5426 clamav-0.103.5.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file
diff --git a/package/clamav/clamav.mk b/package/clamav/clamav.mk
index 94b589b975..cd2d06e6b3 100644
--- a/package/clamav/clamav.mk
+++ b/package/clamav/clamav.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CLAMAV_VERSION = 0.103.4
+CLAMAV_VERSION = 0.103.5
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPL-2.0
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5
2022-01-24 22:10 [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5 Fabrice Fontaine
@ 2022-01-26 22:06 ` Thomas Petazzoni
2022-01-28 21:12 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2022-01-26 22:06 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot
On Mon, 24 Jan 2022 23:10:47 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> ClamAV 0.103.5 is a critical patch release with the following fix:
>
> - CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
> Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
> libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
> clamscan --gen-json option) is enabled.
>
> https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/clamav/clamav.hash | 2 +-
> package/clamav/clamav.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5
2022-01-24 22:10 [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5 Fabrice Fontaine
2022-01-26 22:06 ` Thomas Petazzoni
@ 2022-01-28 21:12 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-01-28 21:12 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: Bernd Kuhls, buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> ClamAV 0.103.5 is a critical patch release with the following fix:
> - CVE-2022-20698: Fix for invalid pointer read that may cause a crash.
> Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with
> libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the
> clamscan --gen-json option) is enabled.
> https://github.com/Cisco-Talos/clamav/blob/clamav-0.103.5/NEWS.md
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-28 21:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-24 22:10 [Buildroot] [PATCH 1/1] package/clamav: security bump to version 0.103.5 Fabrice Fontaine
2022-01-26 22:06 ` Thomas Petazzoni
2022-01-28 21:12 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.