Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 18 Nov 2014 22:53:48 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5
 has been released!

Context:

https://bugzilla.clamav.net/show_bug.cgi?id=11088

I found this in 2013, made a note, forgot about it, checked it again
recently and found clamscan still crashing hence CVE-2013-6497.

I don't have any other notes I've forgotten about. I think. =)

On 18/11/14 04:11 PM, Steven Morgan wrote:
> FYI:
> 
> ---------- Forwarded message ----------
> From: Joel Esler (jesler) <jesler@...co.com>
> Date: Tue, Nov 18, 2014 at 5:11 PM
> Subject: [Clamav-devel] ClamAV® blog: ClamAV 0.98.5 has been released!
> To: ClamAV Development <clamav-devel@...ts.clamav.net>, ClamAV users ML <
> clamav-users@...ts.clamav.net>, "clamav-announce@...ts.clamav.net" <
> clamav-announce@...ts.clamav.net>
> 
> 
> 
> 
> http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
> 
> ClamAV 0.98.5 has been released!
> 
> Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features
> for collecting and analyzing file properties. Software developers and
> analysts may collect file property meta data using the ClamAV API for
> subsequent analysis by ClamAV bytecode programs. Using these features
> will require that libjson-c is installed, but otherwise libjson-c is not
> needed.
> 
> Look for our upcoming series of blog posts to learn more about using the
> ClamAV API and bytecode facilities for collecting and analyzing file
> properties.
> 
> ClamAV 0.98.5 also includes these new features and bug fixes:
> 
> 
> • Support for the XDP file format and extracting, decoding, and scanning
> PDF files within XDP files. Addition of shared library support for LLVM
> versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of
> ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch
> implementing this support.
> • Enhancements to the clambc command line utility to assist ClamAV bytecode
> signature authors by providing introspection into compiled bytecode
> programs.
> • Resolution of many of the warning messages from ClamAV compilation.
> • Improved detection of malicious PE files.
> • Security fix for ClamAV crash when using 'clamscan -a'. This issue was
> identified by Kurt Siefried of Red Hat.
> • Security fix for ClamAV crash when scanning maliciously crafted yoda's
> crypter files. This issue, as well as several other bugs fixed in this
> release, were identified by Damien Millescamp of Oppida.
> • ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode. Thanks to
> Reinhard Max for supplying the patch.
> • Bug fixes and other feature enhancements. See Changelog or git log for
> details.
> 
> 
> Thanks to the following ClamAV community members for code submissions
> and bug reporting included in ClamAV 0.98.5:
> 
> Andreas Cadhalpun
> Sebastian Andrzej Siewior
> Damien Millescamp
> Reinhard Max
> Kurt Seifried
> 
> Please download the latest release of ClamAV from 0.98.5 from our download
> page.
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> 
> http://www.clamav.net/contact.html#ml
> 

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ