Date: Thu, 17 Aug 2023 03:36:54 GMT From: Yasuhiro Kimura <yasu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 147d5444c402 - main - security/vuxml: Document two vulnerabilities in ClamAV Message-ID: <202308170336.37H3asv1045731@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=147d5444c402f54de17dbc200f31f3d0acb1917e commit 147d5444c402f54de17dbc200f31f3d0acb1917e Author: Yasuhiro Kimura <yasu@FreeBSD.org> AuthorDate: 2023-08-16 23:28:53 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2023-08-17 03:32:32 +0000 security/vuxml: Document two vulnerabilities in ClamAV --- security/vuxml/vuln/2023.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index d00d86d4d372..58cf382f2f2f 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,65 @@ + <vuln vid="8e561cfe-3c59-11ee-b32e-080027f5fec9"> + <topic>clamav -- Possible denial of service vulnerability in the AutoIt file parser</topic> + <affects> + <package> + <name>clamav-lts</name> + <range><lt>1.0.2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The ClamAV project reports:</p> + <blockquote cite="https://blog.clamav.net/2023/07/2023-08-16-releases.html">; + <p> + There is a possible denial of service vulnerability in the + AutoIt file parser. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-20212</cvename> + <url>https://blog.clamav.net/2023/07/2023-08-16-releases.html</url>; + </references> + <dates> + <discovery>2023-08-15</discovery> + <entry>2023-08-16</entry> + </dates> + </vuln> + + <vuln vid="51a59f36-3c58-11ee-b32e-080027f5fec9"> + <topic>clamav -- Possible denial of service vulnerability in the HFS+ file parser</topic> + <affects> + <package> + <name>clamav</name> + <range><lt>1.1.1,1</lt></range> + </package> + <package> + <name>clamav-lts</name> + <range><lt>1.0.2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Steve Smith reports:</p> + <blockquote cite="https://blog.clamav.net/2023/07/2023-08-16-releases.html">; + <p> + There is a possible denial of service vulnerability in the + HFS+ file parser. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-20197</cvename> + <url>https://blog.clamav.net/2023/07/2023-08-16-releases.html</url>; + </references> + <dates> + <discovery>2023-08-15</discovery> + <entry>2023-08-16</entry> + </dates> + </vuln> + <vuln vid="a6986f0f-3ac0-11ee-9a88-206a8a720317"> <topic>krb5 -- Double-free in KDC TGS processing</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202308170336.37H3asv1045731>