clamav (1.0.7+dfsg-1~deb12u1) bookworm; urgency=medium
* Import 1.0.7 (Closes: #1080962)
- CVE-2024-20506 (Changed the logging module to disable following symlinks
on Linux)
- CVE-2024-20505 (Fixed a possible out-of-bounds read bug in the PDF file
parser).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 03 Oct 2024 11:57:45 +0200
clamav (1.0.5+dfsg-1~deb12u1) bookworm; urgency=medium
* Import 1.0.5 (Closes: #1063479).
- Update symbols.
- CVE-2024-20290 (Fixed a possible heap overflow read bug in the OLE2 file
parser that could cause a denial-of-service (DoS) condition.)
- CVE-2024-20328 (Fixed a possible command injection vulnerability in the
"VirusEvent" feature of ClamAV's ClamD service.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 08 Feb 2024 21:58:26 +0100
clamav (1.0.4+dfsg-1~deb12u1) bookworm; urgency=medium
* Import 1.0.4
- Update symbols.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 04 Feb 2024 11:45:46 +0100
clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium
* Import 1.0.3
* Remove unnecessary warning messages in freshclam during update.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 09 Sep 2023 16:36:13 +0200
clamav (1.0.2+dfsg-1~deb12u1) bookworm; urgency=medium
* Import 1.0.2 (Closes: #1050057)
- CVE-2023-20197 (Possible DoS in HFS+ file parser).
- CVE-2023-20212 (Possible DoS in AutoIt file parser).
* Use cmake for xml2 detection (Closes: #949100).
* Replace tomsfastmath with OpenSSL's BN.
* Don't enable clamonacc by default (Closes: #1030171).
* Let the clamav-daemon.socket depend on the service file again
(Closes: #1044136).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 27 Aug 2023 11:35:11 +0200
clamav (1.0.1+dfsg-2) unstable; urgency=medium
* Depend on latest libtfm1 (Closes: #1031896, #1027010).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 26 Feb 2023 17:39:06 +0100
clamav (1.0.1+dfsg-1) unstable; urgency=medium
* Import 1.0.1 (Closes: #1031509)
- CVE-2023-20032 (Possible RCE in the HFS+ file parser).
- CVE-2023-20052 (Possible information leak in the DMG file parser).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Fri, 17 Feb 2023 20:29:05 +0100
clamav (1.0.0+dfsg-6) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
* Add d/p/Add-an-option-to-avoid-setting-RPATH-on-unix-systems.patch to fix
rpath issues
[ Scott Kitterman ]
* Remove obsolete usr/share/doc/*/NEWS.gz links from debian/*.links, no
longer provided in the package (Thanks to Paul Wise for reporting)
(Closes: #1029173)
* Complete update of d/copyright for upstream file removal/reorganization
* Restore and update clamav-freshclam and libclamav lintian-overrides for
current lintian
* Drop depends on obsolete package lsb-base
-- Scott Kitterman <scott@kitterman.com> Sat, 21 Jan 2023 18:02:12 -0500
clamav (1.0.0+dfsg-5) unstable; urgency=medium
[ Scott Kitterman ]
* Update paths in d/tests/clamd for new source layout
* Add misc:Pre-Depends to clamav-daemon and clamav-milter for
init-system-helpers
* Remove obsolete debian/NEWS file
* More lintian override corrections
* Start of removing obsolete d/copyright entries
[ Sebastian Andrzej Siewior ]
* Fix testsuite on big endian architectures.
-- Scott Kitterman <scott@kitterman.com> Fri, 06 Jan 2023 12:33:39 -0500
clamav (1.0.0+dfsg-4) unstable; urgency=medium
* Drop unneeded build-depends on rust-lldb (Closes: #1027948).
-- Scott Kitterman <scott@kitterman.com> Wed, 04 Jan 2023 18:32:47 -0500
clamav (1.0.0+dfsg-3) unstable; urgency=medium
* Upload to unstable
* Directly trigger html docs build to fix lack of html docs and update
clamav-docs.install
* Fixup duplicate globs in d/copyright
* Update paths for new source layout in lintian overrides
* Update clean rule for new tests
* Add debian/source/options to ignore changes in Cargo.lock when regenerated
during build
* Remove obsolete overrides from d/rules
-- Scott Kitterman <scott@kitterman.com> Wed, 04 Jan 2023 15:06:03 -0500
clamav (1.0.0+dfsg-2) experimental; urgency=medium
[ Scott Kitterman ]
* Add libclamav11 replaces libclamav9 since the libfreshclam so name did not
change (Closes: #1027698).
[ Sebastian Andrzej Siewior ]
* Use a version-script and limit the exported symbols of libclamav and
libfreshclam.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Mon, 02 Jan 2023 18:38:42 +0100
clamav (1.0.0+dfsg-1) experimental; urgency=medium
* Update to 1.0.0 (Closes: #1006179).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 31 Dec 2022 13:44:59 +0100
clamav (0.103.7+dfsg-1) unstable; urgency=medium
* Import 0.103.7
- Update symbol file.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 14 Aug 2022 21:33:51 +0200
clamav (0.103.6+dfsg-1) unstable; urgency=medium
* Import 0.103.6
- CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file
parser).
- CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan
verdict cache check).
- CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file
parser).
- CVE-2022-20785 (Possible memory leak in the HTML file parser/
Javascript normalizer).
- CVE-2022-20792 (Possible multi-byte heap buffer overflow write
vulnerability in the signature database load module.
- Update symbol file.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 12 May 2022 18:55:59 +0200
clamav (0.103.5+dfsg-1) unstable; urgency=medium
* Import 0.103.5
- CVE-2022-20698 (Fix for invalid pointer read that may cause a crash).
- Update symbol file.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Wed, 12 Jan 2022 21:31:23 +0100
clamav (0.103.4+dfsg-1) unstable; urgency=medium
* Import 0.103.4
- Update symbol file.
* Add clamonacc.8.
* Install clamonacc only on Linux. Patch by Laurent Bigonvill
(Closes: #992776).
* Drop unused libidn11-dev dependency, suggested by Simon Josefsson
(Closes: #991976).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tue, 16 Nov 2021 22:03:15 +0100
clamav (0.103.3+dfsg-1) unstable; urgency=medium
* Import 0.103.3
- Update symbol file.
- Regression: clamdscan segfaults with --fdpass --multipass and
ExcludePath (Closes: #988218).
* Remove clamav user on purge (Closes: #987861).
* Remove freshclam.dat on purge.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Fri, 02 Jul 2021 00:06:16 +0200
clamav (0.103.2+dfsg-2) unstable; urgency=medium
* Remove deprecated option SafeBrowsing from debconf templates.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Thu, 15 Apr 2021 21:59:11 +0200
clamav (0.103.2+dfsg-1) unstable; urgency=medium
* Import 0.103.2
- CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
- CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
- CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
- Update symbol file.
(Closes: #986622).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Mon, 12 Apr 2021 21:31:08 +0200
clamav (0.103.0+dfsg-3.1) unstable; urgency=medium
* Non-maintainer upload.
* debian/patches: Apply upstream patch to fix call of ck_assert_msg (Closes:
#980592)
-- Sebastian Ramacher <sramacher@debian.org> Sun, 21 Feb 2021 16:00:07 +0100
clamav (0.103.0+dfsg-3) unstable; urgency=medium
* Update apparmor profile for clamd. Thanks to Stefano Callegari.
(Closes: #973619).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tue, 03 Nov 2020 22:03:19 +0100
clamav (0.103.0+dfsg-2) unstable; urgency=medium
* Update apparmor profile for freshclam. Thanks to Michael Borgelt.
(Closes: #972974)
* Fix testsuite in an IPv6 only environment (Closes: #963853).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 01 Nov 2020 20:29:46 +0100
clamav (0.103.0+dfsg-1) unstable; urgency=medium
* Import 0.103.0
- Drop CURL_CA_BUNDLE related patch, changes applied upstream.
- Update symbol file.
* Rename NEWS.Debian to NEWS.
* Update lintian overrides.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 24 Oct 2020 18:05:10 +0200
clamav (0.102.4+dfsg-1) unstable; urgency=medium
[ Helmut Grohne ]
* Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)
[ Scott Kitterman ]
* Add Suggests for unversioned libclamunrar package on clamav-daemon and
clamav binaries
[ Sebastian Andrzej Siewior ]
* Import 0.102.4
- CVE-2020-3350 (A malicious user trick clamav into moving a different file).
- CVE-2020-3327 (A vulnerability in the ARJ archive parsing module).
- CVE-2020-3481 (A vulnerability in the EGG archive module).
* Update symbol file.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Fri, 17 Jul 2020 20:30:03 +0200
clamav (0.102.3+dfsg-1) unstable; urgency=medium
* Import 0.102.3
- CVE-2020-3327 (A vulnerability in the ARJ archive parsing module)
- CVE-2020-3341 (A vulnerability in the PDF parsing module)
* Update symbol file.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 16 May 2020 17:12:04 +0200
clamav (0.102.2+dfsg-2) unstable; urgency=medium
* Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
to set the CA bundle (like curl does) (Closes: #951057).
* Recommend ca-certificates, new freshclash uses https by default.
* Bump standards-version to 4.5.0 without further change
* Use dh-compat level 12.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 22 Feb 2020 13:41:02 +0100
clamav (0.102.2+dfsg-1) unstable; urgency=medium
* Import 0.102.2
- CVE-2020-3123 (DoS may occur in the optional DLP feature)
(Closes: 950944).
* Update symbol file.
* Set ReceiveTimeout to 0 which is upstream default.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 09 Feb 2020 20:24:46 +0100
clamav (0.102.1+dfsg-3) unstable; urgency=medium
* clamav-daemon: Do not cause an error on start if /run/clamav already
exists
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
(LP: #1861497)
-- Scott Kitterman <scott@kitterman.com> Fri, 31 Jan 2020 16:49:37 -0500
clamav (0.102.1+dfsg-2) unstable; urgency=medium
* Add the clamonacc binary to the clamav-daemon package.
* Drop ScanOnAccess option. The clamonacc provides this functionality.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Mon, 23 Dec 2019 20:54:21 +0100
clamav (0.102.1+dfsg-1) unstable; urgency=medium
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 30 Nov 2019 19:22:15 +0100
clamav (0.101.4+dfsg-1) unstable; urgency=medium
* Import 0.101.4
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 25 Aug 2019 12:38:25 +0200
clamav (0.101.2+dfsg-3) unstable; urgency=medium
* Cherry-pick a fix from 0.101.3 to address a vulnerability to
non-recursive zip bombs.
-- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tue, 06 Aug 2019 21:42:06 +0200
clamav (0.101.2+dfsg-2) unstable; urgency=medium
* Remove python from build-depends:
- Only needed for llvm, which is currently (and probably permanently)
disabled
- Support python2 removal, if this comes back, it will need to be python3
-- Scott Kitterman <scott@kitterman.com> Fri, 02 Aug 2019 09:20:43 -0400
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog clamav`.
Generated by dwww version 1.15 on Sat Aug 30 09:12:44 CEST 2025.