[Buildroot] [git commit] package/clamav: security bump to version 0.103.2
Peter Korsgaard
peter at korsgaard.com
Sun Apr 25 06:52:13 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=7aee27c2b9f4da87b50d8b330d086c695d900147
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security issues:
> - CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects
> 0.103.1 and prior on Windows only.
> - CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0
> and 0.103.1 only.
> - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
> Affects 0.103.0 and 0.103.1 only.
> - CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects
> 0.103.1 and prior.
> - CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
> Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
> parsing of malformed png files.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list