...
|
...
|
@@ -5,15 +5,37 @@ Note: This file refers to the source tarball. Things described here may differ
|
5
|
5
|
|
6
|
6
|
## 0.100.1
|
7
|
7
|
|
8
|
|
-ClamAV 0.99.4 is a hotfix release to patch a set of vulnerabilities.
|
9
|
|
-
|
10
|
|
-- fixes for the following CVE's: .
|
11
|
|
-- also included are for a few minor vulnerabilities.
|
12
|
|
-
|
13
|
|
-Thank you to the following ClamAV community members for your code
|
14
|
|
-submissions and bug reports!
|
15
|
|
-
|
16
|
|
-
|
|
8
|
+ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.
|
|
9
|
+
|
|
10
|
+- Fixes for the following CVE's:
|
|
11
|
+ - [CVE-2017-16932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932):
|
|
12
|
+ Vulnerability in libxml2 dependency (affects ClamAV on Windows only).
|
|
13
|
+ - [CVE-2018-0360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360):
|
|
14
|
+ HWP integer overflow, infinite loop vulnerability.
|
|
15
|
+ Reported by Secunia Research at Flexera.
|
|
16
|
+ - [CVE-2018-0361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361):
|
|
17
|
+ ClamAV PDF object length check, unreasonably long time to parse relatively
|
|
18
|
+ small file. Reported by aCaB.
|
|
19
|
+- Fixes for a few additional bugs:
|
|
20
|
+ - Buffer over-read in unRAR code due to missing max value checks in table
|
|
21
|
+ initialization. Reported by Rui Reis.
|
|
22
|
+ - Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
|
|
23
|
+ - PDF parser bugs reported by Alex Gaynor.
|
|
24
|
+ - Buffer length checks when reading integers from non-NULL terminated strings.
|
|
25
|
+ - Buffer length tracking when reading strings from dictionary objects.
|
|
26
|
+- HTTPS support for clamsubmit.
|
|
27
|
+- Fix for DNS resolution for users on IPv4-only machines where IPv6 is not
|
|
28
|
+ available or is link-local only. Patch provided by Guilherme Benkenstein.
|
|
29
|
+
|
|
30
|
+Thank you to the following ClamAV community members for your code submissions
|
|
31
|
+and bug reports!
|
|
32
|
+
|
|
33
|
+- aCaB
|
|
34
|
+- Alex Gaynor
|
|
35
|
+- Guilherme Benkenstein
|
|
36
|
+- Hanno Böck
|
|
37
|
+- Rui Reis
|
|
38
|
+- Laurent Delosieres, Secunia Research at Flexera
|
17
|
39
|
|
18
|
40
|
## 0.100.0
|
19
|
41
|
|
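Review bot: The credit for CVE-2018-0360 is inconsistent within the added text: the CVE entry says "Reported by Secunia Research at Flexera." while the thank-you list at the end names "Laurent Delosieres, Secunia Research at Flexera". Use the same attribution in both places. That last entry also breaks the otherwise alphabetical order of the list (aCaB, Alex Gaynor, Guilherme Benkenstein, Hanno Böck, Rui Reis), so either move it or state that it is deliberately kept last. In the added line "- Fixes for the following CVE's:" the plural should be "CVEs", with no apostrophe. The CVE-2018-0360 and CVE-2018-0361 entries describe the trigger ("integer overflow, infinite loop", "unreasonably long time to parse relatively small file") but not the impact on a scanning host. A short clause on the impact would help operators decide how urgently to upgrade. The two over-read items under "a few additional bugs" carry no identifier, so a bug number or commit reference would make them traceable.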