Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package clamav for openSUSE:Factory checked 
in at 2026-07-03 16:04:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/clamav (Old)
 and      /work/SRC/openSUSE:Factory/.clamav.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "clamav"

Fri Jul  3 16:04:20 2026 rev:141 rq:1363548 version:1.5.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/clamav/clamav.changes    2026-03-20 
21:27:23.392425287 +0100
+++ /work/SRC/openSUSE:Factory/.clamav.new.1982/clamav.changes  2026-07-03 
16:06:46.193122860 +0200
@@ -1,0 +2,41 @@
+Wed Jul  1 16:18:42 UTC 2026 - Arjen de Korte <[email protected]>
+
+- update to 1.5.3
+  ClamAV 1.5.3 is a patch release with the following fixes:
+  * bsc#1270091, CVE-2026-20217:
+    Fixed a bug in the PESpin unpacker cleanup path that could free pointers
+    into the scanned file buffer and crash the scanner.
+  * bsc#1270107, CVE-2026-20213:
+    Fixed an integer overflow in PE rebuild size calculations that could be
+    reached through a malformed Aspack-packed PE file and lead to a heap buffer
+    overflow write.
+  * bsc#1270089, CVE-2026-20216:
+    Fixed an InstallShield archive extraction limit bypass that could write far
+    more temporary data than intended and exhaust temporary storage.
+  * bsc#1270085, CVE-2026-20214:
+    Fixed an FSG unpacker loop underflow that could write past the section 
array
+    while scanning a malformed PE file.
+  * bsc#1270092, CVE-2026-20243:
+    Fixed ALZ parser size handling bugs that could cause malformed ALZ archives
+    to panic, abort the scanner, or skip expected scan-limit handling.
+  * bsc#1270088, CVE-2026-20215:
+    Fixed a 7z parser substream count overflow that could under-allocate parser
+    metadata arrays and write past them while reading a malformed archive.
+  * bsc#1270106, CVE-2026-20244:
+    Fixed 32-bit DMG parser size checks that could let a short mish stripe 
table
+    pass validation and crash 32-bit scanner builds.
+  * Hardened clamscan, clamdscan, and clamonacc quarantine actions against
+    time-of-check/time-of-use races that could redirect copied, moved, or 
removed
+    files under unsafe quarantine directory configurations.
+  * Upgraded the Rust tar dependency to resolve the RUSTSEC-2026-0067 and
+    RUSTSEC-2026-0068 advisories, and upgraded the Rust openssl dependency to
+    resolve CVE-2026-41676, bsc#1270138.
+  * Raised the minimum required CMake version to 3.17 to fix Linux builds with
+    libcurl v8.21.0 when linking static library dependencies.
+  * Metadata preclass scans now run before the final scan verdict.
+  * ClamOnAcc: Fixed errors when recursively excluded paths are children of an
+    included path.
+  * ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide
+    in the same bucket.
+
+-------------------------------------------------------------------

Old:
----
  clamav-1.5.2.tar.gz
  clamav-1.5.2.tar.gz.sig

New:
----
  clamav-1.5.3.tar.gz
  clamav-1.5.3.tar.gz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ clamav.spec ++++++
--- /var/tmp/diff_new_pack.krHdGt/_old  2026-07-03 16:06:54.953428209 +0200
+++ /var/tmp/diff_new_pack.krHdGt/_new  2026-07-03 16:06:54.953428209 +0200
@@ -44,7 +44,7 @@
 %define jsonc json-c-json-c-%vjsonc-20240915
 
 Name:           clamav
-Version:        1.5.2
+Version:        1.5.3
 Release:        0
 Summary:        Antivirus Toolkit
 License:        GPL-2.0-only

++++++ clamav-1.5.2.tar.gz -> clamav-1.5.3.tar.gz ++++++
/work/SRC/openSUSE:Factory/clamav/clamav-1.5.2.tar.gz 
/work/SRC/openSUSE:Factory/.clamav.new.1982/clamav-1.5.3.tar.gz differ: char 5, 
line 1

Reply via email to