Skip to content

community/clamav: upgrade to 1.3.2

Benjamin Chenebault requested to merge bench/aports:upgrade-clamav into master

ClamAV 1.3.2 security patch versions published

ClamAV 1.3.2 is a patch release with the following fixes:

  • CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
  • CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service condition.

Signed-off-by: Benjamin Chenebault contact@benjaminchenebault.net

Merge request reports