Public bug reported:

Scheduled-For: ubuntu-25.06
Ubuntu: 1.4.2+dfsg-0ubuntu1
Debian Unstable: 1.4.2+dfsg-1

The current version in Ubuntu went ahead of Debian in the past, so this package may be diverged from Debian and require more review than usual to get back to mergeability.

If this Debian version should not be considered for merges or syncs in the future, you can request the package/version be added to the PDBQ Ignore List at https://answers.launchpad.net/pdbq

A new release of clamav is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

clamav (1.4.2+dfsg-1) unstable; urgency=medium

  * Import 1.4.2 (Closes: #1093880)
    - CVE-2025-20128 (buffer overflow read bug in the OLE2 file parser).

 -- Sebastian Andrzej Siewior <[email protected]>  Thu, 06 Feb 2025 21:56:48 +0100

### Old Ubuntu Delta ###

clamav (1.4.2+dfsg-0ubuntu1) plucky; urgency=medium

  * Updated to version 1.4.2 to fix security issue.
    - debian/rules: bump CL_FLEVEL to 212.
    - debian/libclamav12.symbols: updated CLAMAV_PRIVATE and cl_retflevel
      symbols to new version.
    - CVE-2025-20128

 -- Marc Deslauriers <[email protected]>  Thu, 23 Jan 2025 12:58:42 -0500

clamav (1.4.1+dfsg-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085222). Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake. (LP #2071663)
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of the script.
        Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the clamav-freshclam-ifupdown
        script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/ directories.
        (LP #1718227)
    - debian/po: update translations
  * Dropped:
    - SECURITY UPDATE: out of bounds read in PDF parser
      + debian/patches/CVE-2024-20505.patch: add more checks to
        libclamav/pdf.c, libclamav/pdfng.c.
      + CVE-2024-20505
      [Included in Debian 1.4.1+dfsg-1]
    - SECURITY UPDATE: file overwrite via log file symlinks
      + debian/patches/CVE-2024-20506.patch: disable following symlinks
        when opening log files in common/output.c.
      + CVE-2024-20506
      [Included in Debian 1.4.1+dfsg-1]
    - d/patches: add a patch to make the build system respect the
      rustflags (LP #2071663).
      [Taken upstream in 1.4.0]
    - d/rules, d/s/include-binaries,
      d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
      Fix signing of "text.exe" with expired certs. (LP #2078478)
      [Already present in Debian 1.3.1+dfsg-5]

 -- Bryce Harrington <[email protected]>  Thu, 16 Jan 2025 16:27:52 -0800

** Affects: clamav (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: needs-merge upgrade-software-version

** Changed in: clamav (Ubuntu)
    Milestone: None => ubuntu-25.06

-- 
https://bugs.launchpad.net/bugs/2110450

Title:
  Merge clamav from Debian Unstable for questing
