lp:ubuntu/lucid-security/clamav

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/clamav

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

91. By Chris Pollock

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

90. By Marc Deslauriers

Rebuild as a security update (LP: #1296856)

89. By Scott Kitterman

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

88. By Marc Deslauriers

* SECURITY UPDATE: Updated to 0.97.7 to fix multiple security issues.
  (LP: #1157385)
  - CVE numbers pending

87. By Marc Deslauriers

* SECURITY UPDATE: fix detection bypass via malformed tar entry with
  length that exceeds tar size
  - libclamav/untar.c: scan output at end of truncated tar
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
  - CVE-2012-1457
* SECURITY UPDATE: fix detection bypass via crafted reset interval in
  CHM file
  - libclamav/mspack.c: properly scan chm with invalid handling.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
  - CVE-2012-1458
* SECURITY UPDATE: fix detection bypass via tar archive with invalid
  length field
  - libclamav/untar.c: improve logic, look at checksums
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
  - CVE-2012-1459

86. By Jamie Strandboge

* SECURITY UPDATE: fix recursion level crash
  - libclamav/bytecode.c, libclamav/bytecode_api.c: adjust recursion level
    before and after calling cli_magic_scandesc()
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=patch;h=3d664817f6ef833a17414a4ecea42004c35cc42f
  - CVE-2011-3627

85. By Marc Deslauriers

* SECURITY UPDATE: denial of service via double free in vba processing
  - libclamav/vba_extract.c: set buf to NULL when it gets freed.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
  - CVE-2011-1003

84. By Serge Hallyn

* SECURITY UPDATE: Backport security fixes from 0.96.5 (LP: #673654):
  - (simple port from Scott Kitterman's debdiff for natty)
  - libclamav/pdf.c: fix crashes
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=019f1955194360600ecf0644959ceca6734c2d7b
  - CVE-2010-4260, CVE-2010-4479
  - libclamav/pe_icons.c: off by one
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
  - CVE-2010-4261

83. By Jamie Strandboge

* SECURITY UPDATE: fix integer overflow in BZ2_decompress()
  - libclamav/nsis/bzlib.c: return error if N is larger than 2*1024^2 which
    keeps us from overflowing but leaves enough room for the 900k maximum
    value of the RUNA/RUNB encoding
  - patch based on upstream bzip2
  - CVE-2010-0405

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/clamav