[pkgsrc/trunk]: pkgsrc/security/clamav security/clamav: update to 0.102.4

To: source-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/clamav security/clamav: update to 0.102.4
From: taca <taca%pkgsrc.org@localhost>
Date: Fri, 17 Jul 2020 05:42:17 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c547f77c2e80
branches:  trunk
changeset: 435844:c547f77c2e80
user:      taca <taca%pkgsrc.org@localhost>
date:      Fri Jul 17 04:48:32 2020 +0000

description:
security/clamav: update to 0.102.4

Update clamav to 0.102.4.


## 0.102.4

ClamAV 0.102.4 is a bug patch release to address the following issues.

- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350):
  Fix a vulnerability wherein a malicious user could replace a scan target's
  directory with a symlink to another path to trick clamscan, clamdscan, or
  clamonacc into removing or moving a different file (eg. a critical system
  file). The issue would affect users that use the --move or --remove options
  for clamscan, clamdscan, and clamonacc.

  For more information about AV quarantine attacks using links, see the
  [RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software).

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
  Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
  could cause a Denial-of-Service (DoS) condition. Improper bounds checking
  results in an out-of-bounds read which could cause a crash.
  The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
  resolves the issue.

- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481):
  Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
  could cause a Denial-of-Service (DoS) condition. Improper error handling
  may result in a crash due to a NULL pointer dereference.
  This vulnerability is mitigated for those using the official ClamAV
  signature databases because the file type signatures in daily.cvd
  will not enable the EGG archive parser in versions affected by the
  vulnerability.

diffstat:

 security/clamav/Makefile        |   3 +--
 security/clamav/Makefile.common |   4 ++--
 security/clamav/distinfo        |  10 +++++-----
 3 files changed, 8 insertions(+), 9 deletions(-)

diffs (44 lines):

diff -r 8e29a7b471c4 -r c547f77c2e80 security/clamav/Makefile
--- a/security/clamav/Makefile  Fri Jul 17 00:38:15 2020 +0000
+++ b/security/clamav/Makefile  Fri Jul 17 04:48:32 2020 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.68 2020/06/02 08:22:54 adam Exp $
+# $NetBSD: Makefile,v 1.69 2020/07/17 04:48:32 taca Exp $
 
-PKGREVISION= 3
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit
diff -r 8e29a7b471c4 -r c547f77c2e80 security/clamav/Makefile.common
--- a/security/clamav/Makefile.common   Fri Jul 17 00:38:15 2020 +0000
+++ b/security/clamav/Makefile.common   Fri Jul 17 04:48:32 2020 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.16 2020/05/13 14:58:58 taca Exp $
+# $NetBSD: Makefile.common,v 1.17 2020/07/17 04:48:32 taca Exp $
 #
 # used by security/clamav/Makefile
 # used by security/clamav-doc/Makefile
 
-DISTNAME=      clamav-0.102.3
+DISTNAME=      clamav-0.102.4
 CATEGORIES=    security
 MASTER_SITES=  http://www.clamav.net/downloads/production/
 
diff -r 8e29a7b471c4 -r c547f77c2e80 security/clamav/distinfo
--- a/security/clamav/distinfo  Fri Jul 17 00:38:15 2020 +0000
+++ b/security/clamav/distinfo  Fri Jul 17 04:48:32 2020 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.33 2020/05/13 14:58:58 taca Exp $
+$NetBSD: distinfo,v 1.34 2020/07/17 04:48:32 taca Exp $
 
-SHA1 (clamav-0.102.3.tar.gz) = c6397a35f4ae77a3aa3241551120da45662d1f39
-RMD160 (clamav-0.102.3.tar.gz) = 85d1f1f607edfc9b8deeb68aaba39f0875b31863
-SHA512 (clamav-0.102.3.tar.gz) = d239718814b303fb0f1655d9bdaf3675d888eea57e786d927eafabb7b6f58cd7f5fb7dc149511c2af6f800dcc919f2e1d6954110d45b9e16619c632e8d2b37f2
-Size (clamav-0.102.3.tar.gz) = 13226108 bytes
+SHA1 (clamav-0.102.4.tar.gz) = ea0f6faeedb0248c684cceb87f7ff3a8bd4b610d
+RMD160 (clamav-0.102.4.tar.gz) = 1339babd0bbad4b00dab9e05cf94e27080417c63
+SHA512 (clamav-0.102.4.tar.gz) = 29893deb8d2d913dff72331875d3dc3a10356bfb254ddfe1c1933b3ea4f8b76c96a1b840f95e72be36cbc0e00b9ec35e395225ef264761f53e709bb1026a4f09
+Size (clamav-0.102.4.tar.gz) = 13234444 bytes
 SHA1 (patch-Makefile.in) = a11766ea353d81fb281a07c8120e8a1f5c8dc60f
 SHA1 (patch-aa) = 8539a90ac5591c86f7e9f6b8c073f36523f221a5
 SHA1 (patch-ab) = 78793f0267ce8c820b51937186dc17dabb4a1ccf

Prev by Date: [src/trunk]: src/sys/dev Tweak a bit and add some comments.
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/clamav to 0.102.4
Previous by Thread: [src/trunk]: src/sys/dev Tweak a bit and add some comments.
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/clamav to 0.102.4
Indexes:

Home | Main Index | Thread Index | Old Index