Date: Thu, 8 Apr 2021 04:38:09 GMT From: Neel Chauhan <nc@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 48c9ebfaf8c1 - main - Document multiple vulnerabilities in security/clamav Message-ID: <202104080438.1384c9ir061890@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by nc: URL: https://cgit.FreeBSD.org/ports/commit/?id=48c9ebfaf8c1f2f890a9eefa06a0862d3767bc91 commit 48c9ebfaf8c1f2f890a9eefa06a0862d3767bc91 Author: Neel Chauhan <nc@FreeBSD.org> AuthorDate: 2021-04-08 04:36:09 +0000 Commit: Neel Chauhan <nc@FreeBSD.org> CommitDate: 2021-04-08 04:36:09 +0000 Document multiple vulnerabilities in security/clamav PR: 254861 Submitted by: Yasuhiro Kimura <yasu AT utahime DOT org> --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d20341a0f523..32c3005b8270 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9ae2c00f-97d0-11eb-8cd6-080027f515ea"> + <topic>clamav -- Multiple vulnerabilites</topic> + <affects> + <package> + <name>clamav</name> + <range><lt>0.103.2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Micah Snyder reports:</p> + <blockquote cite="https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html"> + <dl> + <dt>CVE-2021-1252</dt> + <dd>Excel XLM parser infinite loop</dd> + <dt>CVE-2021-1404</dt> + <dd>PDF parser buffer over-read; possible crash. </dd> + <dt>CVE-2021-1405</dt> + <dd>Mail parser NULL-dereference crash. </dd> + </dl> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-1252</cvename> + <cvename>CVE-2021-1404</cvename> + <cvename>CVE-2021-1405</cvename> + <url>https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html</url> + </references> + <dates> + <discovery>2021-04-07</discovery> + <entry>2021-04-07</entry> + </dates> + </vuln> + <vuln vid="9595d002-edeb-4602-be2d-791cd654247e"> <topic>jenkins -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104080438.1384c9ir061890>