@@ -16,6 +16,40 @@ an assortment of minor fixes:

   manual under docs/UserManual[.md].

 - Backwards compatibility improvements for detecting the OpenSSL dependency.

+## 0.100.1

+

+ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.

+

+- Fixes for the following CVE's:

+  - [CVE-2017-16932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932):

+    Vulnerability in libxml2 dependency (affects ClamAV on Windows only).

+  - [CVE-2018-0360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360):

+    HWP integer overflow, infinite loop vulnerability.

+    Reported by Secunia Research at Flexera.

+  - [CVE-2018-0361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361):

+    ClamAV PDF object length check, unreasonably long time to parse relatively

+    small file.  Reported by aCaB.

+- Fixes for a few additional bugs:

+  - Buffer over-read in unRAR code due to missing max value checks in table

+    initialization.  Reported by Rui Reis.

+  - Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.

+  - PDF parser bugs reported by Alex Gaynor.

+    - Buffer length checks when reading integers from non-NULL terminated strings.

+    - Buffer length tracking when reading strings from dictionary objects.

+- HTTPS support for clamsubmit.

+- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not

+  available or is link-local only.  Patch provided by Guilherme Benkenstein.

+

+Thank you to the following ClamAV community members for your code submissions

+and bug reports!

+

+- aCaB

+- Alex Gaynor

+- Guilherme Benkenstein

+- Hanno Böck

+- Rui Reis

+- Laurent Delosieres, Secunia Research at Flexera

+

 ## 0.100.0

 ClamAV 0.100.0 is a feature release which includes many code submissions