clamav (1.4.3+dfsg-0ubuntu0.22.04.1) jammy-security; urgency=medium
* Rebuild as security update for Ubuntu 22.04 LTS.
- debian/control: remove BD on dpkg-dev and systemd-dev
- CVE-2025-20234
- CVE-2025-20260
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 13:10:29 -0400
clamav (1.4.3+dfsg-0ubuntu1) questing; urgency=medium
* Updated to version 1.4.3 to fix security issue.
- debian/rules: bump CL_FLEVEL to 213.
- debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
cl_retflevel symbols to new version.
- CVE-2025-20234
- CVE-2025-20260
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 12:39:40 -0400
clamav (1.4.2+dfsg-1ubuntu1) questing; urgency=medium
* Merge with Debian unstable. Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
(LP #2071663)
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- debian/po: update translations
* Dropped:
- Updated to version 1.4.2 to fix security issue.
+ debian/rules: bump CL_FLEVEL to 212.
+ debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
cl_retflevel symbols to new version.
+ CVE-2025-20128
[Debian now carries 1.4.2]
-- Bryce Harrington <bryce@canonical.com> Fri, 13 Jun 2025 01:02:43 -0700
clamav (1.4.2+dfsg-1) unstable; urgency=medium
* Import 1.4.2 (Closes: #1093880)
- CVE-2025-20128 (buffer overflow read bug in the OLE2 file parser).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 06 Feb 2025 21:56:48 +0100
clamav (1.4.2+dfsg-0ubuntu2) questing; urgency=medium
* No-change rebuild for libxml2 soname change.
-- Matthias Klose <doko@ubuntu.com> Tue, 20 May 2025 12:23:37 +0200
clamav (1.4.2+dfsg-0ubuntu1) plucky; urgency=medium
* Updated to version 1.4.2 to fix security issue.
- debian/rules: bump CL_FLEVEL to 212.
- debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
cl_retflevel symbols to new version.
- CVE-2025-20128
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 23 Jan 2025 12:58:42 -0500
clamav (1.4.1+dfsg-1ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2085222). Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
(LP #2071663)
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- debian/po: update translations
* Dropped:
- SECURITY UPDATE: out of bounds read in PDF parser
+ debian/patches/CVE-2024-20505.patch: add more checks to
libclamav/pdf.c, libclamav/pdfng.c.
+ CVE-2024-20505
[Included in Debian 1.4.1+dfsg-1]
- SECURITY UPDATE: file overwrite via log file symlinks
+ debian/patches/CVE-2024-20506.patch: disable following symlinks when
opening log files in common/output.c.
+ CVE-2024-20506
[Included in Debian 1.4.1+dfsg-1]
- d/patches: add a patch to make the build system respect the rustflags
(LP #2071663).
[Taken upstream in 1.4.0]
- d/rules, d/s/include-binaries,
d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
Fix signing of "text.exe" with expired certs.
(LP #2078478)
[Already present in Debian 1.3.1+dfsg-5]
-- Bryce Harrington <bryce@canonical.com> Thu, 16 Jan 2025 16:27:52 -0800
clamav (1.4.1+dfsg-1) unstable; urgency=medium
* Import 1.4.1 (Closes: #1080962)
- CVE-2024-20506 (Changed the logging module to disable following symlinks
on Linux)
- CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
parser).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 03 Oct 2024 10:51:50 +0200
clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium
* SECURITY UPDATE: out of bounds read in PDF parser
- debian/patches/CVE-2024-20505.patch: add more checks to
libclamav/pdf.c, libclamav/pdfng.c.
- CVE-2024-20505
* SECURITY UPDATE: file overwrite via log file symlinks
- debian/patches/CVE-2024-20506.patch: disable following symlinks when
opening log files in common/output.c.
- CVE-2024-20506
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 16 Sep 2024 11:22:38 -0400
clamav (1.3.1+dfsg-5ubuntu1) oracular; urgency=medium
* Merge from Debian unstable. Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
- d/patches: add a patch to make the build system respect the rustflags
(LP: #2071663).
-- Gianfranco Costamagna <locutusofborg@debian.org> Wed, 11 Sep 2024 15:48:20 +0200
# For older changelog entries, run 'apt-get changelog clamav-doc'
Generated by dwww version 1.14 on Thu Jul 10 03:51:35 CEST 2025.