[clamav-users] Please clarify ClamAV 0.103.2 security patch release
Damian
clamav-users at arcsin.de
Tue Apr 13 08:47:44 UTC 2021
Hi,
the blog [1] is inconsistent with the CVE descriptions for
CVE-2021-1404 and -1405. This makes it unclear which versions are
affected by which CVE. Can you fix the blog please?
Furthermore, can you please confirm that the "buffer overread in PDF
parser" issue (CVE-2021-1405 according to MITRE) really is limited to
0.103.x? The surrounding code of [2] is two years old, so from my naive
point of view 0.102 could be affected as well.
Regards
Damian
[1] https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
[2] https://github.com/Cisco-Talos/clamav-devel/commit/7a70a03ba01d657296be61f0ec98ca6990f51578