236818 – security/clamav: Update to 0.101.2.

Bug 236818 - security/clamav: Update to 0.101.2.

Summary: security/clamav: Update to 0.101.2.

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Steve Wills

URL:
Keywords:	security

Duplicates (1):	238428 (view as bug list)
Depends on:	236816
Blocks:
	Show dependency tree / graph

Reported:	2019-03-27 03:27 UTC by Yasuhiro Kimura
Modified:	2019-08-01 11:48 UTC (History)
CC List:	5 users (show)

See Also:

Flags:	yasu: merge-quarterly?

Attachments
Patch file (1.65 KB, patch) 2019-03-27 03:27 UTC, Yasuhiro Kimura	yasu: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yasuhiro Kimura freebsd_committer

2019-03-27 03:27:00 UTC

Created attachment 203176 [details]
Patch file

Update to 0.101.2.

Security:
* CVE-2019-1785
* CVE-2019-1786
* CVE-2019-1787
* CVE-2019-1788
* CVE-2019-1789
* CVE-2019-1798
    
Bug #236816 describes above vulnerabilities. So please commit together.

Comment 1 cgreen 2019-04-10 17:12:28 UTC

ClamAV 0.101.2, the version fixing the security issues listed above, has been available for download for two weeks now, and the patch on this page was added only the day after that.

The bug describing the vulnerabilities was closed days ago, and the box I updated manually to this version seems to be running fine.

Is there any reason this updated version hasn't yet been pushed into the ports tree?

Comment 2 commit-hook freebsd_committer

2019-04-11 00:56:56 UTC

A commit references this bug:

Author: swills
Date: Thu Apr 11 00:56:13 UTC 2019
New revision: 498628
URL: https://svnweb.freebsd.org/changeset/ports/498628

Log:
  security/clamav: Update to 0.101.2

  PR:		236818
  Submitted by:	Yasuhiro KIMURA <yasu@utahime.org> (maintainer)

Changes:
  head/security/clamav/Makefile
  head/security/clamav/distinfo
  head/security/clamav/pkg-plist

Comment 3 Steve Wills freebsd_committer

2019-04-11 00:57:20 UTC

Committed, thanks!

Comment 4 philk 2019-06-01 03:37:42 UTC

Definitely not committed.

The version in the pkg repository is still 0.101.1,1

# pkg search clamav
clamav-0.101.1,1               Command line virus scanner written entirely in C

This has been known vulnerable for 2 months.

Comment 5 Kubilay Kocak freebsd_committer

2019-06-12 13:35:46 UTC

*** Bug 238428 has been marked as a duplicate of this bug. ***

Comment 6 Kubilay Kocak freebsd_committer

2019-06-12 13:36:33 UTC

Re-open for MFH

Comment 7 Danny McGrath 2019-06-14 14:10:44 UTC

Any chance of this fix getting ported to 2019Q2 soonish? Asking for a friend. :)

Comment 8 Yasuhiro Kimura freebsd_committer

2019-08-01 11:48:14 UTC

There is already latest version (0.101.2) in latest quarterly branch (2019Q3).