Browse code
Update NEWS.md for 0.102.3 release
Micah Snyder authored on 2020/04/22 01:36:52Showing 1 changed files
| ... | ... |
@@ -7,11 +7,19 @@ Note: This file refers to the source tarball. Things described here may differ |
| 7 | 7 |
|
| 8 | 8 |
ClamAV 0.102.3 is a bug patch release to address the following issues. |
| 9 | 9 |
|
| 10 |
-- Updated libclamunrar to UnRAR 5.9.2. |
|
| 10 |
+- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327): |
|
| 11 |
+ Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that |
|
| 12 |
+ could cause a Denial-of-Service (DoS) condition. Improper bounds checking of |
|
| 13 |
+ an unsigned variable results in an out-of-bounds read which causes a crash. |
|
| 11 | 14 |
|
| 12 |
-Special thanks to the following for code contributions and bug reports: |
|
| 15 |
+ Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ |
|
| 16 |
+ parsing vulnerability. |
|
| 17 |
+ |
|
| 18 |
+- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents. |
|
| 13 | 19 |
|
| 14 |
-- |
|
| 20 |
+- Fix a couple of minor memory leaks. |
|
| 21 |
+ |
|
| 22 |
+- Updated libclamunrar to UnRAR 5.9.2. |
|
| 15 | 23 |
|
| 16 | 24 |
## 0.102.2 |
| 17 | 25 |
|