On 2018-07-29 22:01:20 [+0100], Adam D. Barratt wrote: > <draft> > ClamAV is anĀ AntiVirus toolkit for Unix. > > Upstream published version 0.100.1. > > This is a mostly a bug-fix release. The changes are not strictly > required for operation, but users of the previous version in stretch > may not be able to make use of all current virus signatures and might > get warnings. > > Changes since 0.100.0 currently in stretch include fixes for two > security issues. > > CVE-2018-0360 > > ClamAV before 0.100.1 has an HWP integer overflow with a resultant > infinite loop via a crafted Hangul Word Processor file. > > CVE-2018-0361 > > ClamAV before 0.100.1 lacks a PDF object length check, resulting > in an unreasonably long time to parse a relatively small file. > </draft>
perfect, thank you. > Apologies if the initial section is incorrect, it wasn't entirely clear > to me whether there would be warnings for the bump from 0.100.0 to > 0.100.1. no worries. > Regards, > > Adam Sebastian
