[clamav-users] Please clarify ClamAV 0.103.2 security patch release
Damian
clamav-users at arcsin.de
Tue Apr 13 16:34:31 UTC 2021
Hi,
> the blog [1] is inconsistent with the CVEs descriptions for
> CVE-2021-1404 and -1405. This makes it unclear which versions are
> affected by which CVE. Can you fix the blog please?
I see the blog has been corrected, thank you.
> Furthermore, can you please confirm that the "buffer overread in PDF
> parser" issue (CVE-2021-1405 according to mitre) really is limited to
> 0.103.x? The surrounding code of [2] is two years old, so from my
> naive point of view 0.102 could be affected as well.
My bad, relevant code parts have been committed after 0.102.4 release.
Regards
Damian
More information about the clamav-users
mailing list