...
|
...
|
@@ -7,6 +7,13 @@ Note: This file refers to the source tarball. Things described here may differ
|
7
|
7
|
|
8
|
8
|
ClamAV 0.101.5 is a security patch release that addresses the following issues.
|
9
|
9
|
|
|
10
|
+- Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
|
|
11
|
+ - [CVE-2019-15961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961)
|
|
12
|
+ A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
|
|
13
|
+ crafted email file as a result of excessively long scan times. The issue is
|
|
14
|
+ resolved by implementing several maximums in parsing MIME messages and by
|
|
15
|
+ optimizing use of memory allocation.
|
|
16
|
+
|
10
|
17
|
- Added the zip scanning improvements found in v0.102.0 where it scans files
|
11
|
18
|
using zip records from a sorted catalogue which provides deduplication of
|
12
|
19
|
file records resulting in faster extraction and scan time and reducing the
|
...
|
...
|
@@ -21,10 +28,13 @@ ClamAV 0.101.5 is a security patch release that addresses the following issues.
|
21
|
21
|
Static linking with libjson is highly recommended to prevent crashes in
|
22
|
22
|
applications that use libclamav alongside another JSON parsing library.
|
23
|
23
|
|
|
24
|
+- Null-dereference fix in email parser when using the `--gen-json` metadata
|
|
25
|
+ option.
|
|
26
|
+
|
24
|
27
|
Special thanks to the following for code contributions and bug reports:
|
25
|
28
|
|
26
|
29
|
- Alberto Wu
|
27
|
|
--
|
|
30
|
+- Joran Dirk Greef
|
28
|
31
|
|
29
|
32
|
## 0.101.4
|
30
|
33
|
|