* [Buildroot] [PATCH] clamav: security bump to version 0.98.7
@ 2015-04-29 18:47 Gustavo Zacarias
2015-04-29 21:04 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2015-04-29 18:47 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2015-2221 - infinite loop condition on crafted y0da cryptor file.
CVE-2015-2668 - infinite loop condition on a crafted "xz" archive file.
CVE-2015-2305 - possible heap overflow in Henry Spencer's regex library.
CVE-2015-2170 - crash in upx decoder with crafted file.
CVE-2015-2222 - crash on crafted petite packed file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/clamav/clamav.hash | 5 +++--
package/clamav/clamav.mk | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/package/clamav/clamav.hash b/package/clamav/clamav.hash
index 7913388..97e4163 100644
--- a/package/clamav/clamav.hash
+++ b/package/clamav/clamav.hash
@@ -1,2 +1,3 @@
-# From http://sourceforge.net/projects/clamav/files/clamav/0.98.6/
-sha1 03cb9a20a08aba9176b1f58d5527d06ec8261f9c clamav-0.98.6.tar.gz
+# From http://sourceforge.net/projects/clamav/files/clamav/0.98.7/
+md5 157c601161da1c2d5a0e48ea1b49e067 clamav-0.98.7.tar.gz
+sha1 c9793d67c041e2b944116d912f8681c8bd6e4432 clamav-0.98.7.tar.gz
diff --git a/package/clamav/clamav.mk b/package/clamav/clamav.mk
index 6a8fddf..1cf0af6 100644
--- a/package/clamav/clamav.mk
+++ b/package/clamav/clamav.mk
@@ -4,7 +4,7 @@
#
################################################################################
-CLAMAV_VERSION = 0.98.6
+CLAMAV_VERSION = 0.98.7
CLAMAV_SITE = http://sourceforge.net/projects/clamav/files/clamav/$(CLAMAV_VERSION)
CLAMAV_LICENSE = GPLv2
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
--
2.0.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] clamav: security bump to version 0.98.7
2015-04-29 18:47 [Buildroot] [PATCH] clamav: security bump to version 0.98.7 Gustavo Zacarias
@ 2015-04-29 21:04 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2015-04-29 21:04 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Fixes:
> CVE-2015-2221 - infinite loop condition on crafted y0da cryptor file.
> CVE-2015-2668 - infinite loop condition on a crafted "xz" archive file.
> CVE-2015-2305 - possible heap overflow in Henry Spencer's regex library.
> CVE-2015-2170 - crash in upx decoder with crafted file.
> CVE-2015-2222 - crash on crafted petite packed file.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-04-29 21:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-29 18:47 [Buildroot] [PATCH] clamav: security bump to version 0.98.7 Gustavo Zacarias
2015-04-29 21:04 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.