From owner-freebsd-ports@freebsd.org Wed Feb 5 19:42:41 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C171D22BF98 for ; Wed, 5 Feb 2020 19:42:41 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48CX5r442Gz43MD for ; Wed, 5 Feb 2020 19:42:40 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.92.3 (FreeBSD)) (envelope-from ) id 1izQb3-00064O-Vv for freebsd-ports@freebsd.org; Wed, 05 Feb 2020 12:44:25 -0700 Date: Wed, 5 Feb 2020 12:44:25 -0700 From: The Doctor To: freebsd-ports@freebsd.org Subject: [jesler@cisco.com: [Clamav-announce] ClamAV?? blog: ClamAV 0.102.2 security patch released] Message-ID: <20200205194425.GA20596@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Rspamd-Queue-Id: 48CX5r442Gz43MD X-Spamd-Bar: ++ X-Spamd-Result: default: False [2.49 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.09)[-0.089,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(0.00)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; BAD_REP_POLICIES(0.10)[]; RCVD_TLS_LAST(0.00)[]; URIBL_PBL(0.02)[empire.kred]; DMARC_POLICY_ALLOW(0.00)[nl2k.ab.ca,quarantine]; NEURAL_SPAM_LONG(0.73)[0.728,0]; IP_SCORE(-0.17)[ip: (-0.41), ipnet: 204.209.81.0/24(-0.20), asn: 6171(-0.16), country: CA(-0.09)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; INTRODUCTION(2.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; SUBJECT_HAS_QUESTION(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Feb 2020 19:42:41 -0000 Heads up security/clamav team. ----- Forwarded message from "Joel Esler (jesler)" ----- Date: Wed, 5 Feb 2020 17:29:00 +0000 From: "Joel Esler (jesler)" To: "clamav-announce@lists.clamav.net" , "clamav-users@lists.clamav.net" , "clamav-devel@lists.clamav.net" Subject: [Clamav-announce] ClamAV?? blog: ClamAV 0.102.2 security patch released x-mailer: Apple Mail (2.3608.60.0.2.5) https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html Today, we're publishing 0.102.2. Navigate to ClamAV's downloads page to download the release materials. 0.102.2 ClamAV 0.102.2 is a security patch release to address the following issues. * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * Significantly improved the scan speed of PDF files on Windows. * Re-applied a fix to alleviate file access issues when scanning RAR files in downstream projects that use libclamav where the scanning engine is operating in a low-privilege process. This bug was originally fixed in 0.101.2 and the fix was mistakenly omitted from 0.102.0. * Fixed an issue where freshclam failed to update if the database version downloaded is one version older than advertised. This situation may occur after a new database version is published. The issue affected users downloading the whole CVD database file. * Changed the default freshclam ReceiveTimeout setting to 0 (infinite). The ReceiveTimeout had caused needless database update failures for users with slower internet connections. * Correctly display the number of kilobytes (KiB) in progress bar and reduced the size of the progress bar to accommodate 80-character width terminals. * Fixed an issue where running freshclam manually causes a daemonized freshclam process to fail when it updates because the manual instance deletes the temporary download directory. The freshclam temporary files will now download to a unique directory created at the time of an update instead of using a hardcoded directory created/destroyed at the program start/exit. * Fix for freshclam's OnOutdatedExecute config option. * Fixes a memory leak in the error condition handling for the email parser. * Improved bound checking and error handling in ARJ archive parser. * Improved error handling in PDF parser. * Fix for memory leak in byte-compare signature handler. * Updates to the unit test suite to support libcheck 0.13. * Updates to support autoconf 2.69 and automake 1.15. Special thanks to the following people for code contributions and bug reports: * Antoine Desch??nes * Eric Lindblad * Gianluigi Tiesi * Tuomo Soini Please join us on the ClamAV mailing lists for further discussion. Thanks! _______________________________________________ clamav-announce mailing list clamav-announce@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-announce http://www.clamav.net/contact.html#ml ----- End forwarded message ----- -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Sometimes it is the greediest giving things away. -unknown