git.libre-soc.org Git - buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Fri, 9 Apr 2021 20:41:06 +0000 (22:41 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Sat, 10 Apr 2021 16:39:56 +0000 (18:39 +0200)
commit	7aee27c2b9f4da87b50d8b330d086c695d900147
tree	4488cfe3827736f8cc8d42322fb6b8f1ee2964c3	tree
parent	68c7be9c284779429dd7d2de5055b626ea6bb212	commit \| diff

package/clamav: security bump to version 0.103.2

Fixes the following security issues:

- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation.  Affects
  0.103.1 and prior on Windows only.

- CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0
  and 0.103.1 only.

- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
  Affects 0.103.0 and 0.103.1 only.

- CVE-2021-1405: Fix for mail parser NULL-dereference crash.  Affects
  0.103.1 and prior.

- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
  Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
  parsing of malformed png files.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/clamav/clamav.hash		diff \| blob \| history
package/clamav/clamav.mk		diff \| blob \| history