kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/security/clamav
History
taca ef758b9905 security/clamav: update to 0.102.3 
Update clamav to 0.102.3.


## 0.102.3

ClamAV 0.102.3 is a bug patch release to address the following issues.

- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
  Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
  could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
  an unsigned variable results in an out-of-bounds read which causes a crash.

  Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
  parsing vulnerability.

- [CVE-2020-3341](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341):
  Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that
  could cause a Denial-of-Service (DoS) condition. Improper size checking of
  a buffer used to initialize AES decryption routines results in an out-of-
  bounds read which may cause a crash. Bug found by OSS-Fuzz.

- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.

- Fix a couple of minor memory leaks.

- Updated libclamunrar to UnRAR 5.9.2.
2020-05-13 14:58:58 +00:00
..
files
patches security/clamav: update to 0.102.1 2019-12-03 12:55:16 +00:00
buildlink3.mk Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
DEINSTALL
DESCR
distinfo security/clamav: update to 0.102.3 2020-05-13 14:58:58 +00:00
Makefile security/clamav: update to 0.102.3 2020-05-13 14:58:58 +00:00
Makefile.common security/clamav: update to 0.102.3 2020-05-13 14:58:58 +00:00
MESSAGE
options.mk Update clamav to 0.101.2 2019-08-05 14:44:20 +00:00
PLIST Update clamav to 0.102.0 2019-10-10 15:41:29 +00:00