Re: [SUA 146-1] Updated clamav version
Adam,
Thank you for the update information.. Can you update my email address as it has changed from diver@dccnet.com to diver.dbj@gmail.com
I LOVE Debian, thanks for the work you do.
Warmly,
Derek Johnson
> On Jul 31, 2018, at 13:05, Adam D. Barratt <adam@adam-barratt.org.uk> wrote:
>
> -----------------------------------------------------------------------
> Debian Stable Updates Announcement SUA 146-1 https://www.debian.org
> debian-release@lists.debian.org Sebastian A. Siewior
> July 31st, 2018
> -----------------------------------------------------------------------
>
> Package : clamav
> Version : 0.100.1+dfsg-0+deb9u1
> Importance : medium
>
> ClamAV is an AntiVirus toolkit for Unix.
>
> Upstream published version 0.100.1.
>
> This is a mostly a bug-fix release. The changes are not strictly
> required for operation, but users of the previous version in stretch
> may not be able to make use of all current virus signatures and might
> get warnings.
>
> Changes since 0.100.0 currently in stretch include fixes for two
> security issues.
>
> CVE-2018-0360
>
> ClamAV before 0.100.1 has an HWP integer overflow with a resultant
> infinite loop via a crafted Hangul Word Processor file.
>
> CVE-2018-0361
>
> ClamAV before 0.100.1 lacks a PDF object length check, resulting
> in an unreasonably long time to parse a relatively small file.
>
> If you use clamav, we recommend that you install this update.
>
>
> Upgrade Instructions
> --------------------
>
> You can get the updated packages by adding the stable-updates archive
> for your distribution to your /etc/apt/sources.list:
>
> deb http://ftp.debian.org/debian stretch-updates main
> deb-src http://ftp.debian.org/debian stretch-updates main
>
> You can also use any of the Debian archive mirrors. See
> https://www.debian.org/mirrors/list for the full list of mirrors.
>
> For further information about stable-updates, please refer to
> https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
>
> If you encounter any issues, please don't hesitate to get in touch with
> the Debian Release Team at debian-release@lists.debian.org
Reply to: