Created attachment 203176 [details]
Update to 0.101.2.
Bug #236816 describes above vulnerabilities. So please commit together.
ClamAV 0.101.2, the version fixing the security issues listed above, has been available for download for two weeks now, and the patch on this page was added only the day after that.
The bug describing the vulnerabilities was closed days ago, and the box I updated manually to this version seems to be running fine.
Is there any reason this updated version hasn't yet been pushed into the ports tree?
A commit references this bug:
Date: Thu Apr 11 00:56:13 UTC 2019
New revision: 498628
security/clamav: Update to 0.101.2
Submitted by: Yasuhiro KIMURA <firstname.lastname@example.org> (maintainer)
Definitely not committed.
The version in the pkg repository is still 0.101.1,1
# pkg search clamav
clamav-0.101.1,1 Command line virus scanner written entirely in C
This has been known vulnerable for 2 months.
*** Bug 238428 has been marked as a duplicate of this bug. ***
Re-open for MFH
Any chance of this fix getting ported to 2019Q2 soonish? Asking for a friend. :)