Skip to content

Clam 2252 Update libmspack 0.10.1alpha to 0.11alpha (0.103)#830

Merged
val-ms merged 3 commits intoCisco-Talos:dev/0.103.8from
val-ms:CLAM-2252-libmspack-0.11alpha-0.103
Feb 12, 2023
Merged

Clam 2252 Update libmspack 0.10.1alpha to 0.11alpha (0.103)#830
val-ms merged 3 commits intoCisco-Talos:dev/0.103.8from
val-ms:CLAM-2252-libmspack-0.11alpha-0.103

Conversation

@val-ms
Copy link
Contributor

@val-ms val-ms commented Feb 8, 2023

No description provided.

@val-ms val-ms added this to the 0.103.8 milestone Feb 8, 2023
@val-ms val-ms force-pushed the CLAM-2252-libmspack-0.11alpha-0.103 branch from 601b581 to 580bf64 Compare February 8, 2023 17:18
@val-ms val-ms merged commit f678a5f into Cisco-Talos:dev/0.103.8 Feb 12, 2023
@val-ms val-ms deleted the CLAM-2252-libmspack-0.11alpha-0.103 branch February 12, 2023 23:44
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Feb 21, 2023
security/clamav: update to 0.103.8
45011ac 
pkgsrc change: avoid use empty in options.mk.

Security release.

0.103.8 (2023-02-15)

* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>:
  Fixed a possible remote code execution vulnerability in the HFS+ file
  parser.  The issue affects versions 1.0.0 and earlier, 0.105.1 and
  earlier, and 0.103.7 and earlier.  Thank you to Simon Scannell for
  reporting this issue.

* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>:
  Fixed a possible remote information leak vulnerability in the DMG file
  parser.  The issue affects versions 1.0.0 and earlier, 0.105.1 and
  earlier, and 0.103.7 and earlier.  Thank you to Simon Scannell for
  reporting this issue.

* Update the vendored libmspack library to version 0.11alpha.

* GitHub pull request: Cisco-Talos/clamav#830
jperkin pushed a commit to TritonDataCenter/pkgsrc that referenced this pull request Jun 21, 2023
@jperkin
security/clamav: update to 0.103.8
e1081fa 
pkgsrc change: avoid use empty in options.mk.

Security release.

0.103.8 (2023-02-15)

* CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>:
  Fixed a possible remote code execution vulnerability in the HFS+ file
  parser.  The issue affects versions 1.0.0 and earlier, 0.105.1 and
  earlier, and 0.103.7 and earlier.  Thank you to Simon Scannell for
  reporting this issue.

* CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>:
  Fixed a possible remote information leak vulnerability in the DMG file
  parser.  The issue affects versions 1.0.0 and earlier, 0.105.1 and
  earlier, and 0.103.7 and earlier.  Thank you to Simon Scannell for
  reporting this issue.

* Update the vendored libmspack library to version 0.11alpha.

* GitHub pull request: Cisco-Talos/clamav#830
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@ragusaa ragusaa ragusaa approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

🍒cherry-picked fix (backport)

Projects

None yet

Milestone

0.103.8

Development

Successfully merging this pull request may close these issues.

2 participants

@val-ms @ragusaa