Browse code
news - add news.md blurb regarding nsis/bz2 cve fix
Mickey Sola authored on 2019/08/14 23:08:59Showing 1 changed files
| ... | ... |
@@ -3,6 +3,12 @@ |
| 3 | 3 |
Note: This file refers to the source tarball. Things described here may differ |
| 4 | 4 |
slight |
| 5 | 5 |
|
| 6 |
+## 0.101.4 |
|
| 7 |
+ |
|
| 8 |
+An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit. |
|
| 9 |
+ |
|
| 10 |
+Thanks to Martin Simmons for reporting the issue [here](https://bugzilla.clamav.net/show_bug.cgi?id=12371) |
|
| 11 |
+ |
|
| 6 | 12 |
## 0.101.3 |
| 7 | 13 |
|
| 8 | 14 |
ClamAV 0.101.3 is a patch release to address a vulnerability to non-recursive |