• Bug#1093880: marked as done (clamav: CVE-2025-20128) (2/2)

    From Debian Bug Tracking System@1:229/2 to All on Sat Jul 5 18:20:01 2025
    [continued from previous message]

    Received: from dak by fasolo.debian.org with local (Exim 4.94.2)
    (envelope-from <[email protected]>)
    id 1uY5Zc-00B3sb-TL; Sat, 05 Jul 2025 16:17:08 +0000
    From: Debian FTP Masters <[email protected]>
    Reply-To: Sebastian Andrzej Siewior <[email protected]>
    To: [email protected]
    X-DAK: dak process-policy
    X-Debian: DAK
    X-Debian-Package: clamav
    Debian: DAK
    Debian-Changes: clamav_1.0.9+dfsg-1~deb12u1_source.changes
    Debian-Source: clamav
    Debian-Version: 1.0.9+dfsg-1~deb12u1
    Debian-Architecture: source
    Debian-Suite: proposed-updates
    Debian-Archive-Action: accept
    MIME-Version: 1.0
    Subject: Bug#1093880: fixed in clamav 1.0.9+dfsg-1~deb12u1
    Content-Type: multipart/signed; micalg="pgp-sha256";
    protocol="application/pgp-signature";
    boundary="===============6915377478798539338=="
    Message-Id: <[email protected]>
    Date: Sat, 05 Jul 2025 16:17:08 +0000

    --===============6915377478798539338==
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: quoted-printable

    Source: clamav
    Source-Version: 1.0.9+dfsg-1~deb12u1
    Done: Sebastian Andrzej Siewior <[email protected]>

    We believe that the bug you reported is fixed in the latest version of
    clamav, which is due to be installed in the Debian FTP archive.

    A summary of the changes between this version and the previous one is
    attached.

    Thank you for reporting the bug, which will now be closed. If you
    have further comments please address them to [email protected],
    and the maintainer will reopen the bug report if appropriate.

    Debian distribution maintenance software
    pp.
    Sebastian Andrzej Siewior <[email protected]> (supplier of updated clamav package)

    (This message was generated automatically at their request; if you
    believe that there is a problem with it please contact the archive administrators by mailing [email protected])


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 29 Jun 2025 21:57:41 +0200
    Source: clamav
    Architecture: source
    Version: 1.0.9+dfsg-1~deb12u1
    Distribution: bookworm
    Urgency: medium
    Maintainer: ClamAV Team <[email protected]>
    Changed-By: Sebastian Andrzej Siewior <[email protected]>
    Closes: 1093880 1108046
    Changes:
    clamav (1.0.9+dfsg-1~deb12u1) bookworm; urgency=medium
    .
    * Import 1.0.9
    - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the OLE2
    file parser that could cause a denial-of-service (DoS) condition)
    Closes: #1093880
    - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the PDF
    file parser that could cause a denial-of-service (DoS) condition or
    enable remote code execution.) Closes: #1108046
    Checksums-Sha1:
    bc1e65131277d4e77f48fbb10140c77f10542ba6 2849 clamav_1.0.9+dfsg-1~deb12u1.dsc
    044b5d62c82594650e9a6951cc2e96dbfa8d68d8 27490160 clamav_1.0.9+dfsg.orig.tar.xz
    f82085c1a6ab7ba56313e9237293b9f9f3f38ed3 218980 clamav_1.0.9+dfsg-1~deb12u1.debian.tar.xz
    Checksums-Sha256:
    06b89a8131c79a796c7447e26597cb9276ba0f40a12a261f15f474d985e6b1a3 2849 clamav_1.0.9+dfsg-1~deb12u1.dsc
    125bbfb3ccc7032f0c903de9143b262288f49281ae56a71ebdff834b1c72982a 27490160 clamav_1.0.9+dfsg.orig.tar.xz
    01e7ee1eccfecdb471ea9c31ced0d030fdeb6f5f9542b44c55474be3f229cd03 218980 clamav_1.0.9+dfsg-1~deb12u1.debian.tar.xz
    Files:
    51ddd6e8886c797eeff8f6b33e333a37 2849 utils optional clamav_1.0.9+dfsg-1~deb12u1.dsc
    da36f12802547799f2fee66ea9e74380 27490160 utils optional clamav_1.0.9+dfsg.orig.tar.xz
    26a4a92868f51c68d1828990cdb0dc79 218980 utils optional clamav_1.0.9+dfsg-1~deb12u1.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----


    --===============6915377478798539338==
    Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --===============6915377478798539338==--
