Updated the NEWS for 0.101.5 release.

Micah Snyder (micasnyd) authored on 2019/11/20 04:57:24
Showing 1 changed files
... ...
@@ -7,6 +7,13 @@ Note: This file refers to the source tarball. Things described here may differ
7 7
 
8 8
 ClamAV 0.101.5 is a security patch release that addresses the following issues.
9 9
 
10
+- Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
11
+  - [CVE-2019-15961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961)
12
+    A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
13
+    crafted email file as a result of excessively long scan times. The issue is
14
+    resolved by implementing several maximums in parsing MIME messages and by
15
+    optimizing use of memory allocation.
16
+
10 17
 - Added the zip scanning improvements found in v0.102.0 where it scans files
11 18
   using zip records from a sorted catalogue which provides deduplication of
12 19
   file records resulting in faster extraction and scan time and reducing the
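Review bot: In the CVE-2019-15961 entry, "implementing several maximums in parsing MIME messages" does not say which limits were added or whether they are configurable, so an operator who sees a changed scan result on a large or deeply nested message has nothing to look up. Consider naming the limits or pointing to where they are documented. A smaller wording point in the same entry: "affecting 0.102.0 and 0.101.4 and prior" reads ambiguously, and "affecting 0.102.0, and 0.101.4 and prior" would make clear that two release lines are meant.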
... ...
@@ -21,10 +28,13 @@ ClamAV 0.101.5 is a security patch release that addresses the following issues.
21 21
   Static linking with libjson is highly recommended to prevent crashes in
22 22
   applications that use libclamav alongside another JSON parsing library.
23 23
 
24
+- Null-dereference fix in email parser when using the `--gen-json` metadata
25
+  option.
26
+
24 27
 Special thanks to the following for code contributions and bug reports:
25 28
 
26 29
 - Alberto Wu
27
--
30
+- Joran Dirk Greef
28 31
 
29 32
 ## 0.101.4
30 33
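Review bot: The null-dereference entry for the `--gen-json` metadata option gives no affected versions and no impact statement, unlike the CVE-2019-15961 entry added earlier in this file. Readers cannot tell whether the crash is reachable while scanning untrusted email or whether 0.102.0 is also affected. Suggest adding the affected versions and stating the impact (or that it was assessed as non-security). The entry also lands after the libjson static-linking note, so placing it next to the CVE entry would keep the fixes grouped together.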