Created by James Westby on 2011-04-08 and last modified on 2015-02-12
Get this branch:
bzr branch lp:ubuntu/lucid-security/clamav
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

91. By chris pollock on 2015-02-08

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

90. By Marc Deslauriers on 2014-03-27

Rebuild as a security update (LP: #1296856)

89. By Scott Kitterman on 2013-04-25

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

88. By Marc Deslauriers on 2013-03-19

* SECURITY UPDATE: Updated to 0.97.7 to fix multiple security issues.
  (LP: #1157385)
  - CVE numbers pending

87. By Marc Deslauriers on 2012-06-18

* SECURITY UPDATE: fix detection bypass via malformed tar entry with
  length that exceeds tar size
  - libclamav/untar.c: scan output at end of truncated tar
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
  - CVE-2012-1457
* SECURITY UPDATE: fix detection bypass via crafted reset interval in
  CHM file
  - libclamav/mspack.c: properly scan chm with invalid handling.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
  - CVE-2012-1458
* SECURITY UPDATE: fix detection bypass via tar archive with invalid
  length field
  - libclamav/untar.c: improve logic, look at checksums
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
  - CVE-2012-1459

86. By Jamie Strandboge on 2011-10-28

* SECURITY UPDATE: fix recursion level crash
  - libclamav/bytecode.c, libclamav/bytecode_api.c:adjust recursion level
    before and after calling cli_magic_scandesc()
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=patch;h=3d664817f6ef833a17414a4ecea42004c35cc42f
  - CVE-2011-3627

85. By Marc Deslauriers on 2011-02-23

* SECURITY UPDATE: denial of service via double free in vba processing
  - libclamav/vba_extract.c: set buf to NULL when it gets freed.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
  - CVE-2011-1003

84. By Serge Hallyn on 2010-12-06

* SECURITY UPDATE: Backport security fixes from 0.96.5 (LP: #673654):
  - (simple port from Scott Kitterman's debdiff for natty)
  - libclamav/pdf.c: fix crashes
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=019f1955194360600ecf0644959ceca6734c2d7b
  - CVE-2010-4260, CVE-2010-4479
  - libclamav/pe_icons.c: off by one
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
  - CVE-2010-4261

83. By Jamie Strandboge on 2010-09-13

* SECURITY UPDATE: fix integer overflow in BZ2_decompress()
  - libclamav/nsis/bzlib.c: return error if N is larger than 2*1024^2 which
    keeps us from overflowing but leaves enough room for the 900k maximum
    value of the RUNA/RUNB encoding
  - patch based on upstream bzip2
  - CVE-2010-0405

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.