Skip to content

Commit

Permalink
Merge pull request #14 from cisco-sbg/CLAM-2638-1.0.7-news
Browse files Browse the repository at this point in the history
News: updates prior to 1.0.7
  • Loading branch information
micahsnyder authored Sep 3, 2024
2 parents 4ab6044 + 8c8c9bc commit a54a13d
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 20 deletions.
20 changes: 0 additions & 20 deletions Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,6 @@ properties(
string(name: 'FUZZ_CORPUS_BRANCH',
defaultValue: '1.0',
description: 'private-fuzz-corpus branch'),
string(name: 'APPCHECK_PIPELINE',
defaultValue: 'appcheck-1.0',
description: 'test-pipelines branch for appcheck'),
string(name: 'SHARED_LIB_BRANCH',
defaultValue: 'master',
description: 'tests-jenkins-shared-libraries branch')
Expand Down Expand Up @@ -212,23 +209,6 @@ node('default') {
}
}

tasks["appcheck"] = {
stage("AppCheck") {
final appcheckResult = build(job: "test-pipelines/${params.APPCHECK_PIPELINE}",
propagate: true,
wait: true,
parameters: [
[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
[$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"],
[$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"],
[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"]
]
)
echo "test-pipelines/${params.APPCHECK_PIPELINE} #${appcheckResult.number} succeeded."
}
}

parallel tasks
}
}
28 changes: 28 additions & 0 deletions NEWS.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,34 @@ differ slightly from third-party binary packages.

ClamAV 1.0.7 is a patch release with the following fixes:

- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
Changed the logging module to disable following symlinks on Linux and Unix
systems so as to prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system files.

This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12

Thank you to Detlef for identifying this issue.

- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
Fixed a possible out-of-bounds read bug in the PDF file parser that could
cause a denial-of-service (DoS) condition.

This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12

Thank you to OSS-Fuzz for identifying this issue.

- Removed unused Python modules from freshclam tests including deprecated
'cgi' module that is expected to cause test failures in Python 3.13.

- Fix unit test caused by expiring signing certificate.
- Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305)

Expand Down

0 comments on commit a54a13d

Please sign in to comment.