[ubuntu/jammy-security] clamav 1.4.3+dfsg-0ubuntu0.22.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jul 2 12:18:10 UTC 2025


clamav (1.4.3+dfsg-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Rebuild as security update for Ubuntu 22.04 LTS.
    - debian/control: remove BD on dpkg-dev and systemd-dev
    - CVE-2025-20234
    - CVE-2025-20260

clamav (1.4.3+dfsg-0ubuntu1) questing; urgency=medium

  * Updated to version 1.4.3 to fix security issue.
    - debian/rules: bump CL_FLEVEL to 213.
    - debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
      cl_retflevel symbols to new version.
    - CVE-2025-20234
    - CVE-2025-20260

clamav (1.4.2+dfsg-1ubuntu1) questing; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake.
      (LP #2071663)
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)
    - debian/po: update translations
  * Dropped:
    - Updated to version 1.4.2 to fix security issue.
      + debian/rules: bump CL_FLEVEL to 212.
      + debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
        cl_retflevel symbols to new version.
      + CVE-2025-20128
      [Debian now carries 1.4.2]

clamav (1.4.2+dfsg-1) unstable; urgency=medium

  * Import 1.4.2 (Closes: #1093880)
    - CVE-2025-20128 (buffer overflow read bug in the OLE2 file parser).

clamav (1.4.2+dfsg-0ubuntu2) questing; urgency=medium

  * No-change rebuild for libxml2 soname change.

clamav (1.4.2+dfsg-0ubuntu1) plucky; urgency=medium

  * Updated to version 1.4.2 to fix security issue.
    - debian/rules: bump CL_FLEVEL to 212.
    - debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
      cl_retflevel symbols to new version.
    - CVE-2025-20128

clamav (1.4.1+dfsg-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085222). Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake.
      (LP #2071663)
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)
    - debian/po: update translations
  * Dropped:
    - SECURITY UPDATE: out of bounds read in PDF parser
      + debian/patches/CVE-2024-20505.patch: add more checks to
        libclamav/pdf.c, libclamav/pdfng.c.
      + CVE-2024-20505
      [Included in Debian 1.4.1+dfsg-1]
    - SECURITY UPDATE: file overwrite via log file symlinks
      + debian/patches/CVE-2024-20506.patch: disable following symlinks when
        opening log files in common/output.c.
      + CVE-2024-20506
      [Included in Debian 1.4.1+dfsg-1]
    - d/patches: add a patch to make the build system respect the rustflags
      (LP #2071663).
      [Taken upstream in 1.4.0]
    - d/rules, d/s/include-binaries,
      d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
      Fix signing of "text.exe" with expired certs.
      (LP #2078478)
      [Already present in Debian 1.3.1+dfsg-5]

clamav (1.4.1+dfsg-1) unstable; urgency=medium

  * Import 1.4.1 (Closes: #1080962)
    - CVE-2024-20506 (Changed the logging module to disable following symlinks
      on Linux)
    - CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
      parser).

clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium

  * SECURITY UPDATE: out of bounds read in PDF parser
    - debian/patches/CVE-2024-20505.patch: add more checks to
      libclamav/pdf.c, libclamav/pdfng.c.
    - CVE-2024-20505
  * SECURITY UPDATE: file overwrite via log file symlinks
    - debian/patches/CVE-2024-20506.patch: disable following symlinks when
      opening log files in common/output.c.
    - CVE-2024-20506

clamav (1.3.1+dfsg-5ubuntu1) oracular; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake.
    - d/patches: add a patch to make the build system respect the rustflags
      (LP: #2071663).

clamav (1.3.1+dfsg-5) unstable; urgency=medium

  * Update expired certs (Closes: #1078274).

clamav (1.3.1+dfsg-4ubuntu2) oracular; urgency=medium

  * d/rules, d/s/include-binaries,
    d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
    Fix signing of "text.exe" with expired certs.
    [Adopted from Debian 1.3.1+dfsg-5]
    (LP: #2078478)

clamav (1.3.1+dfsg-4ubuntu1) oracular; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)
    - d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
      recognize the "None" type specified by dh-cmake.
    - d/patches: add a patch to make the build system respect the rustflags
      (LP: #2071663).

clamav (1.3.1+dfsg-4) unstable; urgency=medium

  * Move files from lib to usr/lib (Closes: #1073612).
  * Apply patch against unaligned access. Credits to Vladimir Petko and
    Gianfranco Costamagna (Closes: #1073128).

clamav (1.3.1+dfsg-3ubuntu3) oracular; urgency=medium

  * d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
    recognize the "None" type specified by dh-cmake.
  * d/patches: add a patch to make the build system respect the rustflags
    (LP: #2071663).

clamav (1.3.1+dfsg-3ubuntu2) oracular; urgency=medium

  * No-change rebuild to enable frame pointers

clamav (1.3.1+dfsg-3ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2064394). Remaining changes:
    - d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
      source. (Closes #1073128)
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP #1920217).
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP #1718227)

clamav (1.3.1+dfsg-3) unstable; urgency=medium

  * Upload to unstable.

clamav (1.3.1+dfsg-2) experimental; urgency=medium

  * Revert the t64 suffix (Closes: #1071232).

clamav (1.3.1+dfsg-1) experimental; urgency=medium

  * Import 1.3.1
  * Add systemd-dev to Build-Depends (Closes: #1060559).
  * Mark clamav-base as foreign (Closes: #1060889).
  * Bump standards-version to 4.7.0 without changes.

clamav (1.2.1+dfsg-3) experimental; urgency=medium

  * Add proper Breaks/Replaces for the docs vs clamav. Rightfully reported by
    Andreas Beckmann (Closes: #1055494).
  * Update Swedish translation. Updated by Martin Bagge and Anders Jonsson
    (Closes: #1062665).
  * Rename libraries for 64-bit time_t transition. Based on NMU from Steve
    Langasek (Closes: #1062072).

clamav (1.2.1+dfsg-2) experimental; urgency=medium

  * Drop the PE patches, an alternative patch went upstream.
  * Add proper Breaks/Replaces for the docs transitional packages. Rightfully
    reported by Andreas Beckmann (Closes: #1055494).

clamav (1.2.1+dfsg-1) experimental; urgency=medium

  * Import 1.2.1
  * Add libclamav12 after so bump.
  * Move documentation to clamav-doc.

clamav (1.0.5+dfsg-1.1ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

clamav (1.0.5+dfsg-1.1ubuntu2) noble; urgency=medium

  * No-change rebuild against libcurl4t64

clamav (1.0.5+dfsg-1.1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
      source.
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP 1920217).
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP 1718227)
  * Dropped:
    - po files update
      [previously undocumented]
      [causes merge conflict on rebase]

clamav (1.0.5+dfsg-1ubuntu2) noble; urgency=medium

  * No-change rebuild against libssl3t64

clamav (1.0.5+dfsg-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable as security update.
    Remaining changes:
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP: 1718227)
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP: 1920217).
    - d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
      source.

clamav (1.0.4+dfsg-0ubuntu1) noble; urgency=medium

  * Updated to version 1.0.4 to fix db compatibility. (LP: #2046581)
    - debian/rules: bump CL_FLEVEL to 164.
    - debian/libclamav11.symbols: updated CLAMAV_PRIVATE symbols to new
      version.
    - debian/series/cargo-Remove-windows-referenfes.patch: disabled as
      the mentioned files aren't being removed by the debian/get_orig.sh
      script, so I assume the Debian maintainer is using a different script
      to generate the dfsg tarball.
    - debian/series/Freshclam-remove-curl-result-warning.patch: removed,
      included in new version.
    - Updated patches for new version:
      + libclamav-Sort-libclamav.map-and-libfreshclam.map.patch
      + libclamav-Add-missing-symbols.patch

clamav (1.0.3+dfsg-2ubuntu1) noble; urgency=medium

  * Merge with Debian unstable as security update (LP: #2040372).
    Remaining changes:
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP: 1718227)
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP: 1920217).
    - d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
      source.

clamav (1.0.3+dfsg-2) unstable; urgency=medium

  * Remove unnecessary warning messages in freshclam during update.

clamav (1.0.3+dfsg-1) unstable; urgency=medium

  * Import 1.0.3

clamav (1.0.2+dfsg-1ubuntu1) mantic; urgency=medium

  [ Marc Deslauriers ]
  * Merge with Debian unstable as security update (LP: #2031565).
    Remaining changes:
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP: 1718227)
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP: 1920217).
    - CVE-2023-20197
    - CVE-2023-20212

  [ Vladimir Petko ]
  * d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
    source.

clamav (1.0.2+dfsg-1) unstable; urgency=medium

  * Import 1.0.2 (Closes: #1050057)
    - CVE-2023-20197 (Possible DoS in HFS+ file parser).
    - CVE-2023-20212 (Possible DoS in AutoIt file parser).
  * Use cmake for xml2 detection (Closes: #949100).
  * Replace tomsfastmath with OpenSSL's BN.
  * Don't enable clamonacc by default (Closes: #1030171).
  * Let the clamav-daemon.socket depend on the service file again
    (Closes: #1044136).

clamav (1.0.1+dfsg-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018063). Remaining changes:
    - Extend ifupdown script to support networkd-dispatcher.
      + d/clamav-freshclam-ifupdown: Modernize some parts of
        the script.  Implement support for networkd-dispatcher.
      + d/clamav-freshclam.links: Install the
        clamav-freshclam-ifupdown script inside the proper
        /usr/lib/networkd-dispatcher/{off,routable}.d/
        directories. (LP: #1718227)
    - clamav-base.postinst.in: Quell warning from check for clamav user
      (LP: #1920217).

clamav (1.0.1+dfsg-2) unstable; urgency=medium

  * Depend on latest libtfm1 (Closes: #1031896, #1027010).

clamav (1.0.1+dfsg-1) unstable; urgency=medium

  * Import 1.0.1 (Closes: #1031509)
    - CVE-2023-20032 (Possible RCE in the HFS+ file parser).
    - CVE-2023-20052 (Possible information leak in the DMG file parser).

clamav (1.0.0+dfsg-6) unstable; urgency=medium

  [ Sebastian Andrzej Siewior ]
  * Add d/p/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch to fix
    rpath issues

  [ Scott Kitterman ]
  * Remove obsolete usr/share/doc/*/NEWS.gz links from debian/*.links, no
    longer provided in the package (Thanks to Paul Wise for reporting)
    (Closes: #1029173)
  * Complete update of d/copyright for upstream file removal/reorganization
  * Restore and update clamav-freshclam and libclamav lintian-overrides for
    current lintian
  * Drop depends on obsolete package lsb-base

clamav (1.0.0+dfsg-5) unstable; urgency=medium

  [ Scott Kitterman ]
  * Update paths in d/tests/clamd for new source layout
  * Add misc:Pre-Depends to clamav-daemon and clamav-milter for
    init-system-helpers
  * Remove obsolete debian/NEWS file
  * More lintian override corrections
  * Start of removing obsolete d/copyright entries

  [ Sebastian Andrzej Siewior ]
  * Fix testsuite on big endian architectures.

clamav (1.0.0+dfsg-4) unstable; urgency=medium

  * Drop unneeded build-depends on rust-lldb (Closes: #1027948).

clamav (1.0.0+dfsg-3) unstable; urgency=medium

  * Upload to unstable
  * Directly trigger html docs build to fix lack of html docs and update
    clamav-docs.install
  * Fixup duplicate globs in d/copyright
  * Update paths for new source layout in lintian overrides
  * Update clean rule for new tests
  * Add debian/source/options to ignore changes in Cargo.lock when regenerated
    during build
  * Remove obsolete overrides from d/rules

clamav (1.0.0+dfsg-2) experimental; urgency=medium

  [ Scott Kitterman ]
  * Add libclamav11 replaces libclamav9 since the libfreshclam so name did not
    change (Closes: #1027698).

  [ Sebastian Andrzej Siewior ]
  * Use a version-script and limit the exported symbols of libclamav and
    libfreshclam.

clamav (1.0.0+dfsg-1) experimental; urgency=medium

  * Update to 1.0.0 (Closes: #1006179).

Date: 2025-06-26 11:42:46.095061+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.22.04.1