@@ -16,6 +16,40 @@ an assortment of minor fixes:
manual under docs/UserManual[.md].
- Backwards compatibility improvements for detecting the OpenSSL dependency.
+## 0.100.1
+
+ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.
+
+- Fixes for the following CVE's:
+ - [CVE-2017-16932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932):
+ Vulnerability in libxml2 dependency (affects ClamAV on Windows only).
+ - [CVE-2018-0360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360):
+ HWP integer overflow, infinite loop vulnerability.
+ Reported by Secunia Research at Flexera.
+ - [CVE-2018-0361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361):
+ ClamAV PDF object length check, unreasonably long time to parse relatively
+ small file. Reported by aCaB.
+- Fixes for a few additional bugs:
+ - Buffer over-read in unRAR code due to missing max value checks in table
+ initialization. Reported by Rui Reis.
+ - Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
+ - PDF parser bugs reported by Alex Gaynor.
+ - Buffer length checks when reading integers from non-NULL terminated strings.
+ - Buffer length tracking when reading strings from dictionary objects.
+- HTTPS support for clamsubmit.
+- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not
+ available or is link-local only. Patch provided by Guilherme Benkenstein.
+
+Thank you to the following ClamAV community members for your code submissions
+and bug reports!
+
+- aCaB
+- Alex Gaynor
+- Guilherme Benkenstein
+- Hanno Böck
+- Rui Reis
+- Laurent Delosieres, Secunia Research at Flexera
+
## 0.100.0
ClamAV 0.100.0 is a feature release which includes many code submissions
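Review bot: The credit for CVE-2018-0360 is inconsistent within the new 0.100.1 section: the CVE bullet says "Reported by Secunia Research at Flexera." while the thank-you list names "Laurent Delosieres, Secunia Research at Flexera"; use the same attribution in both places. The three CVE bullets also state neither the affected version range nor the impact (for example, whether the HWP infinite loop and the long PDF parse time amount to denial of service in the scanner), which is what someone triaging a hotfix release reads these notes for; a short clause per CVE would cover it. Minor wording: "CVE's" should be "CVEs", and "non-NULL terminated strings" reads more accurately as "non-NUL-terminated strings".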