lp://staging/ubuntu/lucid-updates/clamav

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

95. By chris pollock on 2015-02-08

[ Marc Deslauriers ]
* Updated to 0.98.6 to fix security issues, including CVE-2014-9328.
  (LP: #1420819)
* Removed upstreamed patches:
  - d/p/0002-Add-an-additional-n-after-the-number-in-the-pidfile.patch
  - d/p/0017-Bump-.so-version-number.patch

[ Chris Pollock ]
* Drop dh_autoreconf from build-depends
* Remove use of dh_autoreconf from debian/rules
* Adjust list of no LLVM architectures in debian/rules to include powerpc
  to avoid FTBFS on lucid

94. By Marc Deslauriers on 2014-03-27

Rebuild as a security update (LP: #1296856)

93. By Scott Kitterman on 2013-04-25

[ Seth Arnold ]
* SECURITY UPDATE: Updated to 0.97.8 to fix multiple security issues.
  - CVE-2013-2020 and CVE-2013-2021

[ Scott Kitterman ]
* Merge from Debian unstable (LP: #1172981). Remaining changes:
  - Drop build-dep on electric-fence (in Universe)
  - Add apparmor profiles for clamd and freshclam along with maintainer
    script changes

92. By Marc Deslauriers on 2013-03-19

* SECURITY UPDATE: Updated to 0.97.7 to fix multiple security issues.
  (LP: #1157385)
  - CVE numbers pending

91. By Marc Deslauriers on 2012-06-18

* SECURITY UPDATE: fix detection bypass via malformed tar entry with
  length that exceeds tar size
  - libclamav/untar.c: scan output at end of truncated tar
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
  - CVE-2012-1457
* SECURITY UPDATE: fix detection bypass via crafted reset interval in
  CHM file
  - libclamav/mspack.c: properly scan chm with invalid handling.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
  - CVE-2012-1458
* SECURITY UPDATE: fix detection bypass via tar archive with invalid
  length field
  - libclamav/untar.c: improve logic, look at checksums
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=c3c807d78b09b3f64630601002fdc7db257d89da
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011
  - CVE-2012-1459

90. By Jamie Strandboge on 2011-10-28

* SECURITY UPDATE: fix recursion level crash
  - libclamav/bytecode.c, libclamav/bytecode_api.c:adjust recursion level
    before and after calling cli_magic_scandesc()
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=patch;h=3d664817f6ef833a17414a4ecea42004c35cc42f
  - CVE-2011-3627

89. By Marc Deslauriers on 2011-02-23

* SECURITY UPDATE: denial of service via double free in vba processing
  - libclamav/vba_extract.c: set buf to NULL when it gets freed.
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
  - CVE-2011-1003

88. By Scott Kitterman on 2010-12-17

* Microversion update for Lucid (LP: #691414)
  - Improved database login times
  - Expanded use of new bytecode signatures
  - Other bugfixes/improvements

87. By Serge Hallyn on 2010-12-06

* SECURITY UPDATE: Backport security fixes from 0.96.5 (LP: #673654):
  - (simple port from Scott Kitterman's debdiff for natty)
  - libclamav/pdf.c: fix crashes
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=019f1955194360600ecf0644959ceca6734c2d7b
  - CVE-2010-4260, CVE-2010-4479
  - libclamav/pe_icons.c: off by one
  - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
  - CVE-2010-4261

86. By Scott Kitterman on 2010-10-11

Microversion update to 0.96.3 for Lucid (LP: #653738)