@@ -7,16 +7,34 @@ Note: This file refers to the source tarball. Things described here may differ
ClamAV 0.102.1 is a security patch release to address the following issues.
-### Bug fixes
+- Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
+ - [CVE-2019-15961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961)
+ A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
+ crafted email file as a result of excessively long scan times. The issue is
+ resolved by implementing several maximums in parsing MIME messages and by
+ optimizing use of memory allocation.
+
+- Build system fixes to build clamav-milter, to correctly link with libxml2 when
+ detected, and to correctly detect fanotify for on-access scanning feature
+ support.
+
+- Signature load time is significantly reduced by changing to a more efficient
+ algorithm for loading signature patterns and allocating the AC trie.
+ Patch courtesy of Alberto Wu.
- Introduced a new configure option to statically link libjson-c with libclamav.
Static linking with libjson is highly recommended to prevent crashes in
applications that use libclamav alongside another JSON parsing library.
-### Acknowledgements
+- Null-dereference fix in email parser when using the `--gen-json` metadata
+ option.
-The ClamAV team thanks the following individuals for their code submissions:
+- Fixes for Authenticode parsing and certificate signature (.crb database) bugs.
+
+Special thanks to the following for code contributions and bug reports:
+- Alberto Wu
+- Joran Dirk Greef
- Reio Remma
## 0.102.0
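Review bot: The CVE-2019-15961 entry says the issue is resolved by "implementing several maximums in parsing MIME messages" but does not name those limits, say whether they are configurable, or state what the scanner reports for a message that exceeds one. Operators running mail gateways need that to tell a deliberately truncated scan from a clean result, so please list the limits or link to where they are documented. In the same entry, "affecting 0.102.0 and 0.101.4 and prior" reads ambiguously; "affecting 0.102.0, and 0.101.4 and prior" would make the two affected ranges clear. The hunk also drops the "### Bug fixes" and "### Acknowledgements" headings, which leaves the security fix, the build fixes and the feature change (the new libjson-c configure option, which is still not named) in one flat list; consider keeping a heading or at least putting the CVE item under its own label so it is easy to find.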