SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for clamav-devel-0.91.2-1tr.i586.rpm :
Tue Aug 21 14:00:00 2007 Nived Gopalan 0.91.2-1tr
- New Upstream.

Tue Aug 14 14:00:00 2007 Nived Gopalan 0.91.1-1tr
- New Upstream.

Fri Jul 13 14:00:00 2007 Nived Gopalan 0.91-1tr
- New Upstream.
- SECURITY Fix: Metaeye SG has reported a vulnerability in ClamAV,
caused due to a NULL-pointer dereference error within
libclamav/unrar/unrarvm.c when handling RAR archives. This can
be exploited to cause a crash via a specially crafted RAR
archive (SA26038).

Mon Jun 4 14:00:00 2007 Nived Gopalan 0.90.3-1tr
- New Upstream.
- SECURITY Fix: Victor Stinner has reported a vulnerability in ClamAV,
caused due to an error within the OLE2 parser when handling objects
with malformed FAT partitions and large property sizes. This can be
exploited to cause a DoS due to storage and CPU resource consumption
by scanning a specially crafted OLE2 file.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2007-2650 to this issue.

Mon Apr 16 14:00:00 2007 Bipin S 0.90.2-1tr
- New upstream.
- SECURITY Fix: A file descriptor leak error in the
\"chm_decompress_stream()\" [libclamav/chmunpack.c] function,
which could be exploited by attackers to crash an affected system
via a specially crafted CHM file.

A buffer overflow error in the \"cab_unstore()\" [libclamav/cab.c]
function when processing a negative value read from a CAB file,
which could be exploited by attackers to crash an affected
application or compromise a vulnerable system via a specially
crafted CAB file.

The Common Vulnerabilities and Exposures project has assigned the
names CVE-2007-1745 and CVE-2007-1997 to these issues.

Mon Mar 5 13:00:00 2007 Bipin S 0.90.1-1tr
- New upstream.

Mon Feb 19 13:00:00 2007 Bipin S 0.90-1tr
- New upstream.
- SECURITY Fix: Input validation error when parsing multipart messages
with a header containing a specially crafted \"id\" parameter, which
could be exploited by malware to overwrite certain files (e.g. the
virus database) via a directory traversal attack and bypass security
checks.
- Vulnerability due to a file descriptor leak when processing CAB
files with a record length of zero, which could be exploited by
attackers or malware to prevent a vulnerable application from scanning
certain archives (e.g. ZIP or TAR) via a specially crafted cabinet file.

The Common Vulnerabilities and Exposures project has assigned the
names CVE-2007-0897 and CVE-2007-0898 to these issues.

Wed Dec 13 13:00:00 2006 Bipin S 0.88.7-1tr
- New Upstream.
- SECURITY Fix: Hendrik Weimer has reported a vulnerability in ClamAV,
which can be exploited by malicious people to cause a DoS (Denial of
Service). The vulnerability is caused due to a stack overflow when
scanning messages with deeply nested multipart content. This can be
exploited to crash the service by sending specially crafted emails to a
vulnerable system.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-6481 to this issue.

Tue Nov 7 13:00:00 2006 Bipin S 0.88.6-1tr
- New Upstream.

Mon Oct 16 14:00:00 2006 Nived Gopalan 0.88.5-1tr
- New Upstream.
- SECURITY Fix: Two vulnerabilities have been reported in Clam AntiVirus,
which can be exploited by malicious people to cause a DoS (SA22370).
- Fixes an unspecified error in the CHM unpacker in chmunpack.c which
can be exploited to cause a DoS.
- Fixes an unspecified error in rebuildpe.c when rebuilding PE files
after unpacking which can be exploited to cause a heap-based buffer
overflow.

Tue Aug 8 14:00:00 2006 Bipin S 0.88.4-1tr
- New Upstream.
- SECURITY Fix: Damian Put has discovered a vulnerability in ClamAV,
which is caused due to an boundary error in the \"pefromupx()\"
function in libclamav/upx.c when unpacking PE executable files
compressed with UPX. This can be exploited to cause a heap-based
buffer overflow via a specially crafted UPX compressed file.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-4018 this issue.

Tue Jul 4 14:00:00 2006 Bipin S 0.88.3-1tr
- New Upstream.
- Fixes handling of large binhex files and multiple alternatives
in virus signatures.

Tue May 2 14:00:00 2006 Nived Gopalan 0.88.2-1tr
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in ClamAV caused due to
a boundary error within the HTTP client in the Freshclam command line
utility. This can be exploited to cause a stack-based buffer overflow
when the HTTP headers received from a web server exceeds 8KB.

The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-1989 this issue.

Wed Apr 5 14:00:00 2006 Bipin S 0.88.1-1tr
- New Upstream
- Minor bugfixes done.

Thu Jan 12 13:00:00 2006 Nived Gopalan 0.88-1tr
- New Upstream.
- Fixes possible heap overflow in libclamav/upx.c.

Mon Nov 14 13:00:00 2005 Nived Gopalan 0.87.1-2tr
- Moved libclamav.pc to devel, Bug #1379.

Mon Nov 7 13:00:00 2005 Bipin S 0.87.1-1tr
- New upstream and Multiple Security Fixes.
- Fixes buffer overflow error in \"fsg.c\" when unpacking malformed FSG files.
- Fixes infinite loop vulnerability in \"tnef.c\" when processing malformed TNEF files.
- Fixes OLE2 unpacker potential denial of service vulnerability (CVE-2005-3239).
- Fixes cabinet-file handling denial of service vulnerability (CVE-2005-3501).

The Common Vulnerabilities and Exposures project has assigned the names
CVE-2005-3239 and CVE-2005-3501.

Mon Sep 19 14:00:00 2005 Syed Shabir Zakiullah 0.87-1tr
- New Upstream
- Fixes vulnerabilities in handling of UPX and FSG compressed executables

Mon Jul 25 14:00:00 2005 Syed Shabir Zakiullah 0.86.2-1tr
- New Upstream
- Fixes for three possible integer overflows in libclamav, improved scanning of
Cabinet and FSG compressed files, better database handling in clamav-milter.

Mon Jun 27 14:00:00 2005 Hasher Jamaludeen 0.86.1-2tr
- Fixed freshclam.sh which prevents starting of freshclam when $LOGFILE
is empty. With reference to Bug #976.

Fri Jun 24 14:00:00 2005 Bipin S 0.86.1-1tr
- New upstream
- A possible crash in the libmspack\'s Quantum decompressor has been fixed. Bug #969

Tue Jun 21 14:00:00 2005 Syed Shabir Zakiullah 0.86-1tr
- New Upstream
- Possible descriptor leaks in archive unpackers and mishandling of fast track
uuencoded files have been fixed in libclamav.
- Database reloading in clamav-milter has been improved.
- Fix potential directory traversal in cvd unpacker (a low risk problem since
all databases are digitally signed).

Wed May 18 14:00:00 2005 Syed Shabir Zakiullah 0.85.1-1tr
- New Upstream
- A problem where an email with more than one content-disposition type line,
one or more of which was empty, could crash libclamav has been fixed. Other
minor bugfixes have been made.

Sat Apr 30 14:00:00 2005 Syed Shabir Zakiullah 0.84-1tr
- New Upstream, improves detection of JPEG (MS04-028) based exploits, introduces
support for TNEF files and new detection mechanisms. Various bugfixes
(including problems with scanning of digest mail files) and improvements
have been made.

Wed Apr 20 14:00:00 2005 Thushara Gopalakrishnan 0.83-4tr
- Changed init priority

Tue Mar 15 13:00:00 2005 Hasher Jamaludeen 0.83-2tr
- Rebuilt

Fri Feb 18 13:00:00 2005 Raghu 0.83-2tr
- New Upstream

Mon Oct 11 14:00:00 2004 Erlend Midttun 0.75-2tr
- Now PreReq chkconfig.

Mon Oct 4 14:00:00 2004 Syed Shabir 0.75-1tr
- New Upstream.

Mon May 3 14:00:00 2004 Erlend Midttun 0.70-1em
- New upstream.

Mon Mar 8 13:00:00 2004 Chr. Toldnes
- Rebuilt for TSL 2.1

Mon Mar 1 13:00:00 2004 Erlend Midttun 0.66-5em
- Fixed user/group in logrotate.

Fri Feb 27 13:00:00 2004 Goetz Bock 066-4bg
- fixed user/group setup
- added some build requirements

Sun Feb 15 13:00:00 2004 Erlend Midttun 0.66-3em
- Now create log files in logrotate.
- Added \"notifempyty\" as well.
- Added /usr/lib/
*.so to -devel.

Fri Feb 13 13:00:00 2004 Gerald Dachs 0.66-2gd
- added DatabaseMirror for freshclam in clamav.conf

Fri Feb 13 13:00:00 2004 Gerald Dachs 0.66-1gd
- New upstream

Mon Feb 9 13:00:00 2004 Erlend Midttun
- Added strlen patch to prevent DoS.
- Also fixed uid of logrotate.d/
*.

Fri Jan 30 13:00:00 2004 Erlend Midttun
- Take II, now with better adding of users and a better config file.

Fri Jan 30 13:00:00 2004 Erlend Midttun
- Adapted to Trustix Contrib.

Sun Dec 7 13:00:00 2003 Petr Kri�tof
- Fix Epoch dependencies by Eduardo Kaftanski

Sun Nov 23 13:00:00 2003 Petr Kri�tof
- Update .spec file
- Fix RH-7.3 program-prefix by Kenneth Porter
- Rebuild on FC1

Sun Nov 16 13:00:00 2003 Petr Kri�tof
- Fix doc errors
- Fix dependencies
- Patch for RH-7.3 by Lionel Bouton
- Patch for RH-7.3 by Chris de Vidal
- Option --without-milter by J�n Ondrej (SAL)

Wed Nov 12 13:00:00 2003 Petr Kri�tof
- Removed package db
- Added LogWatch support
- Added FreshClam support
- Moved logfiles to own subdirectory
- Update to 0.65

Wed Sep 10 14:00:00 2003 Petr Kri�tof
- Option for build without clamavdb

Thu Jul 10 14:00:00 2003 Petr Kri�tof
- Split package to clamav, db, milter, devel

Sun Jun 22 14:00:00 2003 Petr Kri�tof
- Update to 0.60

Tue Jun 10 14:00:00 2003 Petr Kri�tof
- Fixed post, preun, postun scripts
- Update to 2003xxxx snapshots

Tue Feb 4 13:00:00 2003 Petr Kri�tof
- Rebuild on RH-8.0

Sun Dec 1 13:00:00 2002 Petr Kri�tof
- Based on PLD package
- Initial RH-7.3 build


  
ICM