On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote: > ClamAV upstream released 1.0.9 which is their LTS version matching > the release in Bookworm. It addresses two CVEs: > > - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the > OLE2 file parser that could cause a denial-of-service (DoS) > condition) > - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the > PDF file parser that could cause a denial-of-service (DoS) condition > or enable remote code execution.)
I should have checked sooner, but were you looking for this to be released as an SUA? Regards, Adam
