Overview
Request 126882 accepted
- package for Evergreen project
--------------------------------------------------------------------
- update to 0.95.5 [bnc#767574]
- addresses possible evasion cases in some archive formats
- CVE-2012-1457: allows to bypass malware detection via a TAR
archive
entry with a length field that exceeds the total TAR file size
- CVE-2012-1458: allows to bypass malware detection via a crafted
reset interval in the LZXC header of a CHM file
- CVE-2012-1459: allows to bypass malware detection via a TAR
archive
entry with a length field corresponding to that entire entry,
plus
part of the header of the next entry
- also addresses stability issues in portions of the bytecode
engine
- update clamav-conf.patch for moved lines
- add a definitions snapshot as {main,daily}.cvd no longer in
tarball
- fix file-contains-date-and-time rpmlint warning
Request History
toganm created request
- package for Evergreen project
--------------------------------------------------------------------
- update to 0.95.5 [bnc#767574]
- addresses possible evasion cases in some archive formats
- CVE-2012-1457: allows to bypass malware detection via a TAR
archive
entry with a length field that exceeds the total TAR file size
- CVE-2012-1458: allows to bypass malware detection via a crafted
reset interval in the LZXC header of a CHM file
- CVE-2012-1459: allows to bypass malware detection via a TAR
archive
entry with a length field corresponding to that entire entry,
plus
part of the header of the next entry
- also addresses stability issues in portions of the bytecode
engine
- update clamav-conf.patch for moved lines
- add a definitions snapshot as {main,daily}.cvd no longer in
tarball
- fix file-contains-date-and-time rpmlint warning
lijews accepted request
Thanks
