• Bug#1108504: bookworm-pu: package clamav/1.0.9+dfsg-1~deb12u1

    From Adam D. Barratt@21:1/5 to Sebastian Andrzej Siewior on Sat Jul 19 20:20:01 2025
    XPost: linux.debian.devel.release

    On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote:
    > ClamAV upstream released 1.0.9 which is their LTS version matching
    > the release in Bookworm. It addresses two CVEs:
    >
    > - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the
    >   OLE2 file parser that could cause a denial-of-service (DoS)
    >   condition)
    > - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the
    >   PDF file parser that could cause a denial-of-service (DoS) condition
    >   or enable remote code execution.)

    I should have checked sooner, but were you looking for this to be
    released as an SUA?

    Regards,

    Adam

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sebastian Andrzej Siewior@21:1/5 to Adam D. Barratt on Sun Jul 20 12:00:03 2025
    XPost: linux.debian.devel.release

    On 2025-07-19 19:14:28 [+0100], Adam D. Barratt wrote:
    > On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote:
    >> ClamAV upstream released 1.0.9 which is their LTS version matching
    >> the release in Bookworm. It addresses two CVEs:
    >>
    >> - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the
    >>   OLE2 file parser that could cause a denial-of-service (DoS)
    >>   condition)
    >> - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the
    >>   PDF file parser that could cause a denial-of-service (DoS) condition
    >>   or enable remote code execution.)
    >
    > I should have checked sooner, but were you looking for this to be
    > released as an SUA?

    It would be nice given the CVEs that are referenced by upstream. So if
    it is not too much work given all the Trixie preparation.

    > Regards,
    >
    > Adam

    Sebastian
