[ubuntu/noble-updates] clamav 1.4.3+dfsg-0ubuntu0.24.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Jul 2 14:59:47 UTC 2025
clamav (1.4.3+dfsg-0ubuntu0.24.04.1) noble-security; urgency=medium
* Rebuild as security update for Ubuntu 24.04 LTS.
- CVE-2025-20234
- CVE-2025-20260
clamav (1.4.3+dfsg-0ubuntu1) questing; urgency=medium
* Updated to version 1.4.3 to fix security issue.
- debian/rules: bump CL_FLEVEL to 213.
- debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
cl_retflevel symbols to new version.
- CVE-2025-20234
- CVE-2025-20260
clamav (1.4.2+dfsg-1ubuntu1) questing; urgency=medium
* Merge with Debian unstable. Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
(LP #2071663)
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- debian/po: update translations
* Dropped:
- Updated to version 1.4.2 to fix security issue.
+ debian/rules: bump CL_FLEVEL to 212.
+ debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
cl_retflevel symbols to new version.
+ CVE-2025-20128
[Debian now carries 1.4.2]
clamav (1.4.2+dfsg-1) unstable; urgency=medium
* Import 1.4.2 (Closes: #1093880)
- CVE-2025-20128 (buffer overflow read bug in the OLE2 file parser).
clamav (1.4.2+dfsg-0ubuntu2) questing; urgency=medium
* No-change rebuild for libxml2 soname change.
clamav (1.4.2+dfsg-0ubuntu1) plucky; urgency=medium
* Updated to version 1.4.2 to fix security issue.
- debian/rules: bump CL_FLEVEL to 212.
- debian/libclamav12.symbols: updated CLAMAV_PRIVATE and
cl_retflevel symbols to new version.
- CVE-2025-20128
clamav (1.4.1+dfsg-1ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2085222). Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
(LP #2071663)
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- debian/po: update translations
* Dropped:
- SECURITY UPDATE: out of bounds read in PDF parser
+ debian/patches/CVE-2024-20505.patch: add more checks to
libclamav/pdf.c, libclamav/pdfng.c.
+ CVE-2024-20505
[Included in Debian 1.4.1+dfsg-1]
- SECURITY UPDATE: file overwrite via log file symlinks
+ debian/patches/CVE-2024-20506.patch: disable following symlinks when
opening log files in common/output.c.
+ CVE-2024-20506
[Included in Debian 1.4.1+dfsg-1]
- d/patches: add a patch to make the build system respect the rustflags
(LP #2071663).
[Taken upstream in 1.4.0]
- d/rules, d/s/include-binaries,
d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
Fix signing of "text.exe" with expired certs.
(LP #2078478)
[Already present in Debian 1.3.1+dfsg-5]
clamav (1.4.1+dfsg-1) unstable; urgency=medium
* Import 1.4.1 (Closes: #1080962)
- CVE-2024-20506 (Changed the logging module to disable following symlinks
on Linux)
- CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
parser).
clamav (1.3.1+dfsg-5ubuntu2) oracular; urgency=medium
* SECURITY UPDATE: out of bounds read in PDF parser
- debian/patches/CVE-2024-20505.patch: add more checks to
libclamav/pdf.c, libclamav/pdfng.c.
- CVE-2024-20505
* SECURITY UPDATE: file overwrite via log file symlinks
- debian/patches/CVE-2024-20506.patch: disable following symlinks when
opening log files in common/output.c.
- CVE-2024-20506
clamav (1.3.1+dfsg-5ubuntu1) oracular; urgency=medium
* Merge from Debian unstable. Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
- d/patches: add a patch to make the build system respect the rustflags
(LP: #2071663).
clamav (1.3.1+dfsg-5) unstable; urgency=medium
* Update expired certs (Closes: #1078274).
clamav (1.3.1+dfsg-4ubuntu2) oracular; urgency=medium
* d/rules, d/s/include-binaries,
d/p/Fix-unit-test-caused-by-expiring-signing-certificate.patch:
Fix signing of "text.exe" with expired certs.
[Adopted from Debian 1.3.1+dfsg-5]
(LP: #2078478)
clamav (1.3.1+dfsg-4ubuntu1) oracular; urgency=low
* Merge from Debian unstable. Remaining changes:
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
- d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
- d/patches: add a patch to make the build system respect the rustflags
(LP: #2071663).
clamav (1.3.1+dfsg-4) unstable; urgency=medium
* Move files from lib to usr/lib (Closes: #1073612).
* Apply patch against unaligned access. Credits to Vladimir Petko and
Gianfranco Costamagna (Closes: #1073128).
clamav (1.3.1+dfsg-3ubuntu3) oracular; urgency=medium
* d/rules: use RelWithDebInfo profile as the Rust CMake scripts can not
recognize the "None" type specified by dh-cmake.
* d/patches: add a patch to make the build system respect the rustflags
(LP: #2071663).
clamav (1.3.1+dfsg-3ubuntu2) oracular; urgency=medium
* No-change rebuild to enable frame pointers
clamav (1.3.1+dfsg-3ubuntu1) oracular; urgency=medium
* Merge with Debian unstable (LP: #2064394). Remaining changes:
- d/p/resolve-armhf-ftbfs.patch: resolve armhf failure to build from
source. (Closes #1073128)
- clamav-base.postinst.in: Quell warning from check for clamav user
(LP #1920217).
- Extend ifupdown script to support networkd-dispatcher.
+ d/clamav-freshclam-ifupdown: Modernize some parts of
the script. Implement support for networkd-dispatcher.
+ d/clamav-freshclam.links: Install the
clamav-freshclam-ifupdown script inside the proper
/usr/lib/networkd-dispatcher/{off,routable}.d/
directories. (LP #1718227)
clamav (1.3.1+dfsg-3) unstable; urgency=medium
* Upload to unstable.
clamav (1.3.1+dfsg-2) experimental; urgency=medium
* Revert the t64 suffix (Closes: #1071232).
clamav (1.3.1+dfsg-1) experimental; urgency=medium
* Import 1.3.1
* Add systemd-dev to Build-Depends (Closes: #1060559).
* Mark clamav-base as foreign (Closes: #1060889).
* Bump standards-version to 4.7.0 without changes.
clamav (1.2.1+dfsg-3) experimental; urgency=medium
* Add proper Breaks/Replaces for the docs vs clamav. Rightfully reported by
Andreas Beckmann (Closes: #1055494).
* Update Swedish translation. Updated by Martin Bagge and Anders Jonsson
(Closes: #1062665).
* Rename libraries for 64-bit time_t transition. Based on NMU from Steve
Langasek (Closes: #1062072).
clamav (1.2.1+dfsg-2) experimental; urgency=medium
* Drop the PE patches, an alternative patch went upstream.
* Add proper Breaks/Replaces for the docs transitional packages. Rightfully
reported by Andreas Beckmann (Closes: #1055494).
clamav (1.2.1+dfsg-1) experimental; urgency=medium
* Import 1.2.1
* Add libclamav12 after so bump.
* Move documentation to clamav-doc.
Date: 2025-06-26 11:42:27.519000+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.24.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list